{"id":"CVE-2021-21274","details":"Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.","aliases":["GHSA-2hwx-mjrm-v3g8","PYSEC-2021-132"],"modified":"2026-04-10T04:29:35.777162Z","published":"2021-02-26T18:15:12.237Z","related":["GHSA-2hwx-mjrm-v3g8"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/"},{"type":"ADVISORY","url":"https://github.com/matrix-org/synapse/releases/tag/v1.25.0"},{"type":"FIX","url":"https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8"},{"type":"FIX","url":"https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6"},{"type":"FIX","url":"https://github.com/matrix-org/synapse/pull/8950"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/matrix-org/synapse","events":[{"introduced":"3bd9daf4b86ed811c9ced95a4adb9aa58b681399"},{"fixed":"ebd534b58d9d53dc5086a9dd9cb176868c7b93ef"},{"fixed":"ff5c4da1289cb5e097902b3e55b771be342c29d6"}],"database_specific":{"versions":[{"introduced":"0.99.0"},{"fixed":"1.25.0"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21274.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}