Description
Sydent DoS (via resource exhaustion) due to improper input validation
Impact
Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.
Patches
Fixed by 3175fd3.
For more information
If you have any questions or comments about this advisory, email us at security@matrix.org.
References
- https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553
- https://nvd.nist.gov/vuln/detail/CVE-2021-29433
- https://github.com/matrix-org/sydent/commit/3175fd358ebc2c310eab7a3dbf296ce2bd54c1da
- https://github.com/pypa/advisory-database/tree/main/vulns/matrix-sydent/PYSEC-2021-24.yaml
- https://pypi.org/project/matrix-sydent
Packages
matrix-sydent: affected versions < 2.3.0; fixed in 2.3.0
EPSS
CVSS4: 5.3 Medium
CVSS3: 4.3 Medium
CVE ID
Weaknesses
Related vulnerabilities
Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion. A patch for the vulnerability is in version 2.3.0. No workarounds are known to exist.
Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 ...