PT-2025-2932 · Unknown+1 · Gomatrixserverlib+1

S7Evink · Published 2025-01-16 · Updated 2025-01-30 · CVE-2024-52594

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gomatrixserverlib (affected versions not specified)

Description

Gomatrixserverlib is a Go library for Matrix federation. It is vulnerable to server-side request forgery (SSRF): under certain conditions, it serves content from a private network that it can access. Users are advised to upgrade to fix the issue. As a mitigation, users unable to upgrade should use a local firewall to limit the network segments and hosts that the service using gomatrixserverlib can access.

Recommendations

For all affected versions, users are advised to upgrade to a version that includes commit c4f1e01, which fixes the issue. As a temporary workaround until a patch is applied, consider using a local firewall to limit the network segments and hosts that the service using gomatrixserverlib can access.

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-52594
GHSA-4FF6-858J-R822
GO-2025-3396
OPENSUSE-SU-2025:14704-1
OPENSUSE-SU-2025_0297-1
SUSE-SU-2025:0297-1

Affected Products

Gomatrixserverlib
Suse