Malicious users could abuse Sydent to control the content of invitation emails

GHSA-mh74-4m5g-fcjx · CVE-2021-29432 · PYSEC-2021-23

Published Apr 19, 2021 · Modified Mar 13, 2026

Description

Impact

A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example.

Patches

Fixed in 4469d1d, 6b405a8, 65a6e91.

Note that these patches include changes to the default email templates. If these templates have been locally modified, they must also be updated.

For more information

If you have any questions or comments about this advisory, email us at security@matrix.org.

References

WEB https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-29432
WEB https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42
WEB https://github.com/matrix-org/sydent/releases/tag/v2.3.0
WEB https://github.com/pypa/advisory-database/tree/main/vulns/matrix-sydent/PYSEC-2021-23.yaml
WEB https://pypi.org/project/matrix-sydent

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes