Description

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

INFO

Published Date :

2025-01-16T18:57:29.333Z

Last Modified :

2025-02-12T20:31:20.951Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52594 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52594.

URL Resource
https://github.com/matrix-org/gomatrixserverlib/commit/c4f1e01eab0dd435709ad15463ed38a079ad6128 cve-icon cve-icon
https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact