PT-2024-35463 · Synapse · Synapse

Published: 2024-12-03 · Updated: 2025-08-26 · CVE-2024-52815

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.120.1

Description: Synapse is an open-source Matrix homeserver. The issue arises from a failure to properly validate invites received over federation: a malicious homeserver can send a specially crafted invite that breaks the invited user's /sync endpoint. Synapse 1.120.1 and later reject such invites, which restores the ability to sync for affected users.

Recommendations: For versions prior to 1.120.1, update to Synapse 1.120.1 or later to address the issue and restore the ability to sync for affected users. As a temporary workaround, consider disabling federation from untrusted servers until the update can be applied.


Related Identifiers

CVE-2024-52815
GHSA-F3R3-H2MQ-HX2H
OPENSUSE-SU-2024:14541-1

Affected Products

Synapse