PYSEC-2019-185

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2019-185.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-185
Aliases
Published
2019-05-09T18:29:00Z
Modified
2023-11-08T04:01:02.324944Z
Summary
[none]
Details

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

References

Affected packages

PyPI / matrix-synapse

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.99.3.1

Affected versions

0.*

0.33.5
0.33.5.1
0.33.6rc1
0.33.6
0.33.7rc1
0.33.7rc2
0.33.7
0.33.8rc2
0.33.8
0.33.9
0.34.0rc1
0.34.0rc2
0.34.0
0.34.0.1
0.34.1.1
0.99.0rc1
0.99.0rc2
0.99.0rc3
0.99.0rc4
0.99.0
0.99.1rc1
0.99.1rc2
0.99.1
0.99.1.1
0.99.2rc1
0.99.2
0.99.3rc1
0.99.3