{"id":"PYSEC-2019-185","details":"An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.","aliases":["CVE-2019-11842","GHSA-gwf7-vfjf-wf6x"],"modified":"2023-11-01T04:50:17.149956Z","published":"2019-05-09T18:29:00Z","references":[{"type":"ARTICLE","url":"https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-gwf7-vfjf-wf6x"}],"affected":[{"package":{"name":"matrix-synapse","ecosystem":"PyPI","purl":"pkg:pypi/matrix-synapse"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.3.1"}]}],"versions":["0.33.5","0.33.5.1","0.33.6","0.33.6rc1","0.33.7","0.33.7rc1","0.33.7rc2","0.33.8","0.33.8rc2","0.33.9","0.34.0","0.34.0.1","0.34.0rc1","0.34.0rc2","0.34.1.1","0.99.0","0.99.0rc1","0.99.0rc2","0.99.0rc3","0.99.0rc4","0.99.1","0.99.1.1","0.99.1rc1","0.99.1rc2","0.99.2","0.99.2rc1","0.99.3","0.99.3rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/matrix-synapse/PYSEC-2019-185.yaml"}}],"schema_version":"1.7.3"}