What is CVE-2021-21332?

CVE-2021-21332 is a vulnerability in Synapse, a Matrix reference homeserver, that allows for cross-site scripting (XSS) attacks.

What is the severity of CVE-2021-21332?

CVE-2021-21332 has a severity rating of 8.2, which is considered high.

How does CVE-2021-21332 affect Synapse?

CVE-2021-21332 affects Synapse versions up to and excluding 1.27.0, making them vulnerable to cross-site scripting (XSS) attacks.

How can I fix CVE-2021-21332?

To fix CVE-2021-21332, upgrade to Synapse version 1.27.0 or higher.

Is Fedora affected by CVE-2021-21332?

Yes, Fedora version 34 is affected by CVE-2021-21332.

Vulnerability/
CVE-2021-21332

high

8.2

CWE

79 352

26/3/2021

23/11/2021

CVE-2021-21332: XSS

First published: Fri Mar 26 2021(Updated: )

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Matrix Synapse	<1.27.0
Fedoraproject Fedora	=34

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-21332?
CVE-2021-21332 is a vulnerability in Synapse, a Matrix reference homeserver, that allows for cross-site scripting (XSS) attacks.
What is the severity of CVE-2021-21332?
CVE-2021-21332 has a severity rating of 8.2, which is considered high.
How does CVE-2021-21332 affect Synapse?
CVE-2021-21332 affects Synapse versions up to and excluding 1.27.0, making them vulnerable to cross-site scripting (XSS) attacks.
How can I fix CVE-2021-21332?
To fix CVE-2021-21332, upgrade to Synapse version 1.27.0 or higher.
Is Fedora affected by CVE-2021-21332?
Yes, Fedora version 34 is affected by CVE-2021-21332.

collector/nvd-index
agent/severity
agent/author
vendor/matrix
canonical/matrix synapse
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.