Input validation error in Synapse - CVE-2021-21393

 


Published: April 12, 2021 / Updated: May 4, 2026


Vulnerability identifier: #VU129603
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-21393
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Synapse
Software vendor: Matrix.org

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the groups/communities endpoints when handling requests with crafted parameter values. A remote attacker can send specially crafted requests to cause a denial of service.

Exploitation can lead to excessive use of disk space and memory, and clients may have issues rendering large fields.


Remediation

Install the security update from the vendor's website.
