Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-38sd-nr5v-7ffu
Summary
Improper Verification of Cryptographic Signature
Synapse allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Aliases
0
alias CVE-2018-16515
1
alias GHSA-fmvh-rvq5-hhjx
Fixed_packages
0
url pkg:deb/debian/matrix-synapse@0.33.3.1-1?distro=sid
purl pkg:deb/debian/matrix-synapse@0.33.3.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@0.33.3.1-1%3Fdistro=sid
1
url pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
purl pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@1.152.1-1%3Fdistro=sid
2
url pkg:pypi/matrix-synapse@0.33.5
purl pkg:pypi/matrix-synapse@0.33.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1k7r-p98w-7bg6
1
vulnerability VCID-2q41-366b-jfbs
2
vulnerability VCID-2uq2-kcfr-87gr
3
vulnerability VCID-361n-7ar1-fqgr
4
vulnerability VCID-3gx5-a6ja-eyhc
5
vulnerability VCID-3sbj-6gut-cybe
6
vulnerability VCID-44n9-z1mc-fydq
7
vulnerability VCID-4vve-jkk2-rueg
8
vulnerability VCID-57xv-u1be-mfez
9
vulnerability VCID-6bx9-6prt-vffg
10
vulnerability VCID-8vfd-w1xq-wuf9
11
vulnerability VCID-9jy7-pnmw-1bbq
12
vulnerability VCID-9t8r-dp58-xydr
13
vulnerability VCID-b461-xbt2-9fg1
14
vulnerability VCID-bmw9-6jkv-t3ds
15
vulnerability VCID-bnz6-nw3z-77gd
16
vulnerability VCID-buj8-8fqz-yyfe
17
vulnerability VCID-d6yz-j1f9-cfec
18
vulnerability VCID-djck-vkte-q7he
19
vulnerability VCID-ewxj-3jt9-p7af
20
vulnerability VCID-ftmr-xpa4-mbfd
21
vulnerability VCID-gmab-mbjg-gbet
22
vulnerability VCID-gre7-9vu7-vqdh
23
vulnerability VCID-hnm3-rn4r-1qa4
24
vulnerability VCID-j8zw-nzgv-mkeq
25
vulnerability VCID-mgxc-w86p-yqcm
26
vulnerability VCID-mqta-hmxv-duh6
27
vulnerability VCID-mxt4-9769-pkd5
28
vulnerability VCID-p7my-33nz-puhn
29
vulnerability VCID-qgzv-dqh8-c3gp
30
vulnerability VCID-rab2-vwyz-ufdt
31
vulnerability VCID-swgx-he8k-1qhy
32
vulnerability VCID-ubx5-xans-8bey
33
vulnerability VCID-z4xn-smp8-tfcj
34
vulnerability VCID-zc47-w46p-9bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@0.33.5
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16515
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63624
published_at 2026-06-05T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63582
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16515
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9b
3
reference_url https://github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2
4
reference_url https://github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfc
5
reference_url https://github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42b
6
reference_url https://github.com/matrix-org/synapse/issues/3796#event-1833126269
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/issues/3796#event-1833126269
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P
8
reference_url https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1
9
reference_url https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
reference_id
reference_type
scores
url https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908044
reference_id 908044
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908044
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16515
reference_id CVE-2018-16515
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16515
12
reference_url https://usn.ubuntu.com/6076-1/
reference_id USN-6076-1
reference_type
scores
url https://usn.ubuntu.com/6076-1/
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 347
name Improper Verification of Cryptographic Signature
description The product does not verify, or incorrectly verifies, the cryptographic signature for data.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-38sd-nr5v-7ffu