A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example.

### Patches

Fixed in 4469d1d, 6b405a8, 65a6e91.

Note that these patches include changes to the *default* email templates. If these templates have been locally modified, they must also be updated.

### For more information

If you have any questions or comments about this advisory, email us at [email protected].

Affected Packages

PyPI matrix-sydent

Affected versions: 0 (fixed in 2.3.0)

Related CVEs

CVE-2021-29432

Key Information

GHSA ID

GHSA-mh74-4m5g-fcjx

Published

April 19, 2021 2:54 PM

Last Modified

September 24, 2024 5:39 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

matrix-sydent

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.