CVE-2021-29433: Sydent DoS (via resource exhaustion) due to improper input validation
(updated )
Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.
References
- github.com/advisories/GHSA-pw4v-gr34-2553
- github.com/matrix-org/sydent
- github.com/matrix-org/sydent/commit/3175fd358ebc2c310eab7a3dbf296ce2bd54c1da
- github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553
- github.com/pypa/advisory-database/tree/main/vulns/matrix-sydent/PYSEC-2021-24.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-29433
- pypi.org/project/matrix-sydent
Code Behaviors & Features
Detect and mitigate CVE-2021-29433 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →