What is CVE-2021-21333?

CVE-2021-21333 is a vulnerability in Synapse, a Matrix reference homeserver, that allows an attacker to intercept email notifications for missed messages or expiring accounts.

How severe is CVE-2021-21333?

CVE-2021-21333 has a severity level of 6.1 (medium).

What is the affected software for CVE-2021-21333?

The affected software for CVE-2021-21333 includes Matrix Synapse versions up to and excluding 1.27.0, as well as Fedoraproject Fedora version 34.

How can I fix CVE-2021-21333?

To fix CVE-2021-21333, upgrade Matrix Synapse to version 1.27.0 or higher.

What is the CWE classification of CVE-2021-21333?

The CWE classifications for CVE-2021-21333 are CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component).

Vulnerability/
CVE-2021-21333

medium

6.1

CWE

79 74

26/3/2021

21/10/2022

CVE-2021-21333: XSS

First published: Fri Mar 26 2021(Updated: )

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Matrix Synapse	<1.27.0
Fedoraproject Fedora	=34

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-21333?
CVE-2021-21333 is a vulnerability in Synapse, a Matrix reference homeserver, that allows an attacker to intercept email notifications for missed messages or expiring accounts.
How severe is CVE-2021-21333?
CVE-2021-21333 has a severity level of 6.1 (medium).
What is the affected software for CVE-2021-21333?
The affected software for CVE-2021-21333 includes Matrix Synapse versions up to and excluding 1.27.0, as well as Fedoraproject Fedora version 34.
How can I fix CVE-2021-21333?
To fix CVE-2021-21333, upgrade Matrix Synapse to version 1.27.0 or higher.
What is the CWE classification of CVE-2021-21333?
The CWE classifications for CVE-2021-21333 are CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.