Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-aqq5-8sgs-jbc6
SummarySynapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.
Aliases
0
alias CVE-2022-41952
Fixed_packages
0
url pkg:deb/debian/matrix-synapse@1.53.0-1?distro=sid
purl pkg:deb/debian/matrix-synapse@1.53.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@1.53.0-1%3Fdistro=sid
1
url pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
purl pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@1.152.1-1%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41952
reference_id
reference_type
scores
0
value 0.00552
scoring_system epss
scoring_elements 0.68373
published_at 2026-06-04T12:55:00Z
1
value 0.00552
scoring_system epss
scoring_elements 0.68415
published_at 2026-06-05T12:55:00Z
2
value 0.00552
scoring_system epss
scoring_elements 0.68423
published_at 2026-06-06T12:55:00Z
3
value 0.00552
scoring_system epss
scoring_elements 0.68416
published_at 2026-06-07T12:55:00Z
4
value 0.00552
scoring_system epss
scoring_elements 0.68401
published_at 2026-06-08T12:55:00Z
5
value 0.00552
scoring_system epss
scoring_elements 0.68419
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41952
1
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
reference_id GHSA-4822-jvwx-w47h
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:47Z/
url https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
Weaknesses
0
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Exploits
Severity_range_score6.5 - 6.5
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-aqq5-8sgs-jbc6