{"id":"CVE-2019-18835","details":"Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.","aliases":["GHSA-cppw-2mf8-qpm5","PYSEC-2019-186"],"modified":"2026-05-15T04:02:46.335948450Z","published":"2019-11-08T00:15:10.413Z","database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/matrix-org/synapse/releases/tag/v1.5.0"},{"type":"FIX","url":"https://github.com/matrix-org/synapse/pull/6262"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}