Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52805

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.

Published

2024-12-03T17:15:12.120

Last Modified

2025-08-26T15:06:04.290

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	matrix	synapse	< 1.120.1	Yes

References

https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2 Vendor Advisory ([email protected])
https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518 Issue Tracking ([email protected])
https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609 Issue Tracking ([email protected])