matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP.
Affected versions of this package are vulnerable to Open Redirect. Requests to user-provided domains are not restricted to external IP addresses when transitional IPv6 addresses are used. Outbound requests to federation and identity servers, and those made when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews, are affected. This can cause Synapse to make requests to internal infrastructure on dual-stack networks.
Upgrade matrix-synapse to version 1.28.0 or higher.
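The blocklist gap described above, as an added example (not Synapse's code or its actual fix): a range check that compares only the literal address misses internal IPv4 addresses embedded in transitional IPv6 forms, while a hardened check unwraps them first. The blocked ranges, function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed blocklist for illustration (assumption: not Synapse's default list).
BLOCKED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]
NAT64 = ipaddress.ip_network("64:ff9b::/96")  # well-known NAT64 prefix (RFC 6052)


def embedded_ipv4(addr):
    """Return the IPv4 address carried inside a transitional IPv6 address, or None."""
    if addr.version != 6:
        return None
    if addr.ipv4_mapped is not None:   # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    if addr.sixtofour is not None:     # 2002:AABB:CCDD::/48
        return addr.sixtofour
    if addr.teredo is not None:        # 2001:0::/32, client address is bit-inverted
        return addr.teredo[1]
    if addr in NAT64:                  # IPv4 sits in the low 32 bits
        return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return None


def naive_is_blocked(host_ip):
    """Weak check: compares only the literal address against the blocklist."""
    addr = ipaddress.ip_address(host_ip)
    return any(addr in net for net in BLOCKED)


def is_blocked(host_ip):
    """Hardened check: also tests any IPv4 address embedded in the IPv6 form."""
    addr = ipaddress.ip_address(host_ip)
    candidates = [addr]
    inner = embedded_ipv4(addr)
    if inner is not None:
        candidates.append(inner)
    return any(c in net for c in candidates for net in BLOCKED)


if __name__ == "__main__":
    # Constructed sample addresses.
    for ip in ("127.0.0.1", "::ffff:127.0.0.1", "2002:c0a8:101::1",
               "64:ff9b::10.0.0.5", "::ffff:8.8.8.8", "2001:4860:4860::8888"):
        print(f"{ip:24} naive={naive_is_blocked(ip)!s:5} hardened={is_blocked(ip)}")
```

The check belongs on the resolved address at connection time, since a hostname can resolve to any of these forms.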