FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-01 08:25:03 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cd2ace09-df23-11ef-a205-901b0e9408dc	dendrite -- Server-side request forgery vulnerability Dendrite team reports: This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. Discovery 2025-01-16 Entry 2025-01-30 dendrite < 0.14.1 CVE-2024-52594 https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822
4ebaa983-3299-11ed-95f8-901b0e9408dc	dendrite -- Signature checks not applied to some retrieved missing events Dendrite team reports: Events retrieved from a remote homeserver using /get_missing_events did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through other endpoints (e.g. /event, /state) as they have been correctly verified. Homeservers that have federation disabled are not vulnerable. Discovery 2022-09-12 Entry 2022-09-12 dendrite < 0.9.8 https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c

VuXML ID

Description

cd2ace09-df23-11ef-a205-901b0e9408dc

dendrite -- Server-side request forgery vulnerability

Dendrite team reports:

This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.

Discovery 2025-01-16
Entry 2025-01-30
dendrite

< 0.14.1

CVE-2024-52594
https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822

4ebaa983-3299-11ed-95f8-901b0e9408dc

dendrite -- Signature checks not applied to some retrieved missing events

Dendrite team reports:

Events retrieved from a remote homeserver using /get_missing_events did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint.

Note that this does not apply to events retrieved through other endpoints (e.g. /event, /state) as they have been correctly verified.

Homeservers that have federation disabled are not vulnerable.

Discovery 2022-09-12
Entry 2022-09-12
dendrite

< 0.9.8

https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c