Server-side request forgery (SSRF) in github.com/matrix-org/gomatrixserverlib

Description

Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

Impact

Gomatrixserverlib is vulnerable to server-side request forgery: under certain conditions it serves content from a private network that it can access.

Patches

Commit c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue.

Workarounds

Use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

References

N/A

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
