These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
d658042c-1c98-11ed-95f8-901b0e9408dc | dendrite -- Incorrect parsing of the event default power level in event auth

Dendrite team reports:

The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the event, defaulting the event default power level to zero in all cases.

In rooms where the "events_default" power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers.

Discovery 2022-08-15
Entry 2022-08-15
Modified 2022-08-25
< 0.9.3

4ebaa983-3299-11ed-95f8-901b0e9408dc | dendrite -- Signature checks not applied to some retrieved missing events

Dendrite team reports:

Events retrieved from a remote homeserver using /get_missing_events did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint.

Note that this does not apply to events retrieved through other endpoints (e.g. /event, /state) as they have been correctly verified.

Homeservers that have federation disabled are not vulnerable.

Discovery 2022-09-12
Entry 2022-09-12
< 0.9.8