Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
Typeapk
Namespacealpine
Namesynapse
Version1.120.2-r0
Qualifiers
arch aarch64
distroversion v3.22
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.127.1-r0
Latest_non_vulnerable_version1.139.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-f96c-qram-33cg
vulnerability_id VCID-f96c-qram-33cg
summary Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53867
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.32737
published_at 2026-06-13T12:55:00Z
1
value 0.00134
scoring_system epss
scoring_elements 0.32713
published_at 2026-06-14T12:55:00Z
2
value 0.00134
scoring_system epss
scoring_elements 0.32534
published_at 2026-06-11T12:55:00Z
3
value 0.00134
scoring_system epss
scoring_elements 0.32715
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53867
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53867
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53867
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/4186
reference_id 4186
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:06Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/4186
5
reference_url https://github.com/advisories/GHSA-56w4-5538-8v8h
reference_id GHSA-56w4-5538-8v8h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56w4-5538-8v8h
6
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h
reference_id GHSA-56w4-5538-8v8h
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:06Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h
fixed_packages
0
url pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.2-r0%3Farch=aarch64&distroversion=v3.22&reponame=community
aliases CVE-2024-53867, GHSA-56w4-5538-8v8h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f96c-qram-33cg
1
url VCID-hqwh-2un3-bqd8
vulnerability_id VCID-hqwh-2un3-bqd8
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.58194
published_at 2026-06-12T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58198
published_at 2026-06-14T12:55:00Z
2
value 0.00353
scoring_system epss
scoring_elements 0.5808
published_at 2026-06-11T12:55:00Z
3
value 0.00353
scoring_system epss
scoring_elements 0.5821
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:05:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
fixed_packages
0
url pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.2-r0%3Farch=aarch64&distroversion=v3.22&reponame=community
aliases CVE-2024-52815, GHSA-f3r3-h2mq-hx2h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqwh-2un3-bqd8
2
url VCID-rcdd-qkxt-nuez
vulnerability_id VCID-rcdd-qkxt-nuez
summary Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.76998
published_at 2026-06-12T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.77006
published_at 2026-06-14T12:55:00Z
2
value 0.00962
scoring_system epss
scoring_elements 0.76926
published_at 2026-06-11T12:55:00Z
3
value 0.00962
scoring_system epss
scoring_elements 0.77013
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
6
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.2-r0%3Farch=aarch64&distroversion=v3.22&reponame=community
aliases CVE-2024-53863, GHSA-vp6v-whfm-rv3g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcdd-qkxt-nuez
3
url VCID-s1jf-x5ug-jqcq
vulnerability_id VCID-s1jf-x5ug-jqcq
summary Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
reference_id
reference_type
scores
0
value 0.01089
scoring_system epss
scoring_elements 0.78418
published_at 2026-06-14T12:55:00Z
1
value 0.01089
scoring_system epss
scoring_elements 0.78422
published_at 2026-06-13T12:55:00Z
2
value 0.01089
scoring_system epss
scoring_elements 0.78408
published_at 2026-06-12T12:55:00Z
3
value 0.01089
scoring_system epss
scoring_elements 0.7834
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
reference_id 4688#issuecomment-1167705518
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
5
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
reference_id 4688#issuecomment-2385711609
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
6
reference_url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
7
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
fixed_packages
0
url pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/synapse@1.120.2-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.2-r0%3Farch=aarch64&distroversion=v3.22&reponame=community
aliases CVE-2024-52805, GHSA-rfq8-j7rh-8hf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1jf-x5ug-jqcq
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/synapse@1.120.2-r0%3Farch=aarch64&distroversion=v3.22&reponame=community