Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/matrix-org/gomatrixserverlib(Go) | 0 | 0.0.0-20250116181547-c4f1e01eab0d | N/A |
CVSS Metrics
