{"id":"CVE-2020-26257","details":"Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference \"homeserver\" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 is vulnerable to this injection attack. The issue is fixed in version 1.23.1. As a workaround, homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`).","aliases":["GHSA-hxmp-pqch-c8mm","PYSEC-2020-236"],"modified":"2026-04-02T05:09:43.894839Z","published":"2020-12-09T19:15:11.500Z","related":["GHSA-hxmp-pqch-c8mm","openSUSE-SU-2024:11041-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QR4MMYZKX5N5GYGH4H5LBUUC5TLAFHI7/"},{"type":"ADVISORY","url":"https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm"},{"type":"ADVISORY","url":"https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09"},{"type":"FIX","url":"https://github.com/matrix-org/synapse/pull/8776"},{"type":"FIX","url":"https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/matrix-org/synapse","events":[{"introduced":"0"},{"fixed":"1cec3d145770b52a7588cdf9df552189da634c5f"},{"fixed":"3ce2f303f
15f6ac3dc352298972dc6e04d9b7a8b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.23.1"}]}}],"versions":["0.34.0rc2","1.7.2","2017-02-27","2017-02-27-before","2017-04-05_before-tcp","2017-05-18_1004","2017-05-22_1657","2017-05-23_1048","2017-06-06_1141","alpha","dinsic_2018-07-20","dinsic_2018-07-20_1","dinsic_2018-10-15","dinsic_2018-12-19","dinsic_2019-01-11","dinsic_2019-01-15","dinsic_2019-01-21","dinsic_2019-01-28","dinsic_2019-02-19-beta11","dinsic_2019-02-22-beta12","dinsic_2019-02-22-beta13","dinsic_2019-02-22-beta14","dinsic_2019-02-26","dinsic_2019-03-06","dinsic_2019-03-15","dinsic_2019-03-20","dinsic_2019-03-21","dinsic_2019-04-04","dinsic_2019-04-04_1","dinsic_2019-04-04_2","dinsic_2019-04-05","dinsic_2019-05-09","dinsic_2019-05-14","dinsic_2019-05-17","dinsic_2019-05-31","dinsic_2019-06-04","dinsic_2019-06-10","dinsic_2019-06-10_2","dinsic_2019-06-10_3","dinsic_2019-06-19","dinsic_2019-06-24","dinsic_2019-06-27","dinsic_2019-06-27_1","dinsic_2019-06-28","dinsic_2019-07-04","dinsic_2019-07-09","dinsic_2019-07-18","dinsic_2019-07-31","dinsic_2019-08-08","dinsic_2019-08-12","dinsic_2019-08-29","dinsic_2019-08-30","dinsic_2020-02-10","hhs-1","hhs-2","hhs-3","hhs-4","hhs-5","hhs-6","hhs-7","hhs-8","hhs-9","modular-dev-v1.3.2-alpha.1+modular","modular-dev-v1.3.2-alpha.2+modular","modular-dev-v1.3.2-alpha.3+modular","modular-dev-v1.3.2-alpha.4+modular","modular-dev-v1.3.2-alpha.5+modular","saml2_auth/181207","shhs-v1.0","shhs-v1.1","shhs-v1.1.1","shhs-v1.1.1.6-opt","shhs-v1.1.1.7-opt","shhs-v1.2","shhs-v1.2.0.1","shhs-v1.2.0.2","shhs-v1.2.1","shhs-v1.2.1.1","shhs-v1.2.1.2","v0.0.0","v0.0.1","v0.1","v0.1.0","v0.1.1","v0.1.2","v0.10.0","v0.10.0-r1","v0.10.0-r2","v0.10.0-rc1","v0.10.0-rc2","v0.10.0-rc3","v0.10.0-rc4","v0.10.0-rc5","v0.10.0-rc6","v0.10.1-rc1","v0.11.0","v0.11.0-r1","v0.11.0-r2","v0.11.0-rc1","v0.11.0-rc2","v0.11.1","v0.12.0","v0.12.0-rc1","v0.12.0-rc2","v0.12.0-rc3","v0.12.1-rc1","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.14.0",
"v0.14.0-rc1","v0.14.0-rc2","v0.15.0-rc1","v0.16.0","v0.16.0-rc1","v0.16.0-rc2","v0.16.1","v0.16.1-r1","v0.16.1-rc1","v0.17.0","v0.17.0-rc1","v0.17.0-rc2","v0.17.0-rc3","v0.17.0-rc4","v0.17.1","v0.17.1-rc1","v0.17.2","v0.17.2-rc1","v0.17.3","v0.18.0","v0.18.0-rc1","v0.18.1","v0.18.1-rc1","v0.18.2","v0.18.2-rc1","v0.18.2-rc2","v0.18.2-rc3","v0.18.2-rc4","v0.18.2-rc5","v0.18.3","v0.18.4","v0.18.4-rc1","v0.18.5","v0.18.5-rc1","v0.18.5-rc2","v0.18.5-rc3","v0.18.6","v0.18.6-rc1","v0.18.6-rc2","v0.18.6-rc3","v0.18.7","v0.18.7-rc1","v0.18.7-rc2","v0.19.0","v0.19.0-rc1","v0.19.0-rc2","v0.19.0-rc3","v0.19.0-rc4","v0.19.1","v0.19.2","v0.19.3","v0.19.3-rc1","v0.19.3-rc2","v0.2.0","v0.2.1","v0.2.1a","v0.2.2","v0.2.3","v0.20.0","v0.20.0-rc1","v0.21.0","v0.21.0-rc1","v0.21.0-rc2","v0.21.0-rc3","v0.21.1","v0.22.0","v0.22.0-rc1","v0.22.0-rc2","v0.22.1","v0.23.0","v0.23.0-rc1","v0.23.0-rc2","v0.23.1","v0.24.0","v0.24.0-rc1","v0.24.1","v0.25.0","v0.25.0-rc1","v0.25.1","v0.26.0","v0.26.0-rc1","v0.26.1","v0.27.0","v0.27.0-rc1","v0.27.0-rc2","v0.27.1","v0.27.2","v0.27.3","v0.27.3-rc1","v0.27.3-rc2","v0.27.4","v0.28.0","v0.28.0-rc1","v0.28.1","v0.29.0","v0.29.0-rc1","v0.29.1","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.30.0","v0.30.0-rc1","v0.31.0","v0.31.0-rc1","v0.31.1","v0.31.2","v0.32.0","v0.32.0rc1","v0.32.1","v0.32.2","v0.33.0","v0.33.0rc1","v0.33.1","v0.33.2","v0.33.2.1","v0.33.2rc1","v0.33.3","v0.33.3.1","v0.33.3rc1","v0.33.3rc2","v0.33.4","v0.33.4rc1","v0.33.4rc2","v0.33.5","v0.33.5.1","v0.33.5rc1","v0.33.6","v0.33.6rc1","v0.33.7","v0.33.7rc1","v0.33.7rc2","v0.33.8","v0.33.8rc1","v0.33.8rc2","v0.33.9","v0.33.9rc1","v0.34.0","v0.34.0.1","v0.34.0rc1","v0.34.0rc2","v0.34.1","v0.34.1+1","v0.34.1.1","v0.34.1rc1","v0.4.1","v0.4.2","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.5.3a","v0.5.3b","v0.5.3c","v0.5.4","v0.5.4a","v0.6.0","v0.6.0a","v0.6.0b","v0.6.1","v0.6.1a","v0.6.1b","v0.6.1c","v0.6.1d","v0.6.1e","v0.6.1f","v0.7.0","v0.7.0a","v0.7.0b","v0.7.0c","v0.7.0d","v0.7.0e","v0.7.0f","
v0.7.1","v0.7.1-r1","v0.7.1-r2","v0.7.1-r3","v0.7.1-r4","v0.8.0","v0.8.1","v0.8.1-r1","v0.8.1-r2","v0.8.1-r3","v0.8.1-r4","v0.9.0","v0.9.0-r1","v0.9.0-r2","v0.9.0-r3","v0.9.0-r4","v0.9.0-r5","v0.9.1","v0.9.2","v0.9.2-r1","v0.9.2-r2","v0.9.3","v0.9.3-rc1","v0.9.4-rc1","v0.99.0","v0.99.0rc1","v0.99.0rc2","v0.99.0rc3","v0.99.0rc4","v0.99.1","v0.99.1.1","v0.99.1rc1","v0.99.1rc2","v0.99.2","v0.99.2rc1","v0.99.3","v0.99.3.1","v0.99.3.2","v0.99.3rc1","v0.99.4","v0.99.4rc1","v0.99.5","v0.99.5.1","v0.99.5.1.dev0","v0.99.5.2","v0.99.5rc1","v1.0.0","v1.0.0rc1","v1.0.0rc2","v1.0.0rc3","v1.1.0","v1.1.0rc1","v1.1.0rc2","v1.10.0","v1.10.0rc1","v1.10.0rc2","v1.10.0rc3","v1.10.0rc4","v1.10.0rc5","v1.10.1","v1.11.0","v1.11.0rc1","v1.11.1","v1.12.0","v1.12.0rc1","v1.12.1","v1.12.1rc1","v1.12.2","v1.12.3","v1.12.4","v1.12.4rc1","v1.13.0","v1.13.0rc1","v1.13.0rc2","v1.13.0rc3","v1.14.0","v1.14.0rc1","v1.14.0rc2","v1.15.0","v1.15.0rc1","v1.15.1","v1.15.2","v1.16.0","v1.16.0rc1","v1.16.0rc2","v1.16.1","v1.17.0","v1.17.0-mod1-modular-vdhtest2","v1.17.0rc1","v1.18.0","v1.18.0rc1","v1.18.0rc2","v1.19.0","v1.19.0rc1","v1.19.1","v1.19.1rc1","v1.19.2","v1.19.3","v1.2.0","v1.2.0rc1","v1.2.0rc2","v1.2.1","v1.20.0","v1.20.0rc1","v1.20.0rc2","v1.20.0rc3","v1.20.0rc4","v1.20.0rc5","v1.20.1","v1.21.0","v1.21.0rc1","v1.21.0rc2","v1.21.0rc3","v1.21.1","v1.21.2","v1.22.0","v1.22.0rc1","v1.22.0rc2","v1.22.1","v1.23.0","v1.23.0rc1","v1.24.0","v1.24.0rc1","v1.24.0rc2","v1.3.0","v1.3.0rc1","v1.3.1","v1.4.0","v1.4.0rc1","v1.4.0rc2","v1.4.1","v1.4.1rc1","v1.5.0","v1.5.0rc1","v1.5.0rc2","v1.5.1","v1.5.1_modular_device_hotfix","v1.6.0","v1.6.0rc1","v1.6.0rc2","v1.6.1","v1.7.0","v1.7.0rc1","v1.7.0rc2","v1.7.1","v1.7.1_modular_profile_hotfix","v1.7.2","v1.7.3","v1.8.0","v1.8.0rc1","v1.9.0","v1.9.0.dev1","v1.9.0.dev2","v1.9.0rc1","v1.9.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]}],"source":"https://storag
e.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26257.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}