Improper input validation in Element-hq Synapse

CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invi…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (58.0th percentile) — read the EPSS interpretation.