https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 21 May 2026 00:25:29 +0000 https://db.gcve.eu/sighting/990e1ac6-aef8-4aba-8927-169cb0d955e2/export {"uuid": "990e1ac6-aef8-4aba-8927-169cb0d955e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-98PX-6486-J7QC", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/452", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32683\n\ud83d\udd39 Description: Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.\n\ud83d\udccf Published: 2023-06-06T18:24:30.457Z\n\ud83d\udccf Modified: 2025-01-07T16:26:12.352Z\n\ud83d\udd17 References:\n1. https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc\n2. https://github.com/matrix-org/synapse/pull/15601\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/", "creation_timestamp": "2025-01-07T16:37:28.000000Z"} {"uuid": "990e1ac6-aef8-4aba-8927-169cb0d955e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-98PX-6486-J7QC", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/452", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32683\n\ud83d\udd39 Description: Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.\n\ud83d\udccf Published: 2023-06-06T18:24:30.457Z\n\ud83d\udccf Modified: 2025-01-07T16:26:12.352Z\n\ud83d\udd17 References:\n1. https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc\n2. https://github.com/matrix-org/synapse/pull/15601\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/", "creation_timestamp": "2025-01-07T16:37:28.000000Z"} https://db.gcve.eu/sighting/990e1ac6-aef8-4aba-8927-169cb0d955e2/export Tue, 07 Jan 2025 16:37:28 +0000