diff options
| author | Sean Quah <seanq@element.io> | 2021-11-19 18:40:13 +0000 |
|---|---|---|
| committer | Sean Quah <seanq@element.io> | 2021-11-19 18:40:13 +0000 |
| commit | 8fa83999d688bb4c1747f2237002422e566e085f (patch) | |
| tree | d73f81218dcf4b93f322961b7a4d7799300d7cc9 /CHANGES.md | |
| parent | Refer to 1.47.1 without the v (diff) | |
| download | synapse-8fa83999d688bb4c1747f2237002422e566e085f.tar.xz | |
Add CVE number v1.47.1
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index 972f6f18d5..fde8d7f81a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -10,7 +10,7 @@ Security advisory The following issue is fixed in 1.47.1. -- **[GHSA-3hfw-x7gx-437c](https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c) / [CVE-2021-?????](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-?????): Path traversal when downloading remote media.** +- **[GHSA-3hfw-x7gx-437c](https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c) / [CVE-2021-41281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281): Path traversal when downloading remote media.** Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory. |