GMS-2021-169: Denial of service due to improper input validation in third-party identifier endpoint

May 19, 2021

Impact

Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

Patches

The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.

Workarounds

There are no known workarounds.

References

n/a

For more information

If you have any questions or comments about this advisory, email us at security@matrix.org.

References

github.com/advisories/GHSA-7h5v-85w9-pq6c
github.com/matrix-org/synapse/pull/9855
github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c

Code Behaviors & Features

Detect and mitigate GMS-2021-169 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →