matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP.
Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity
as it mishandles signature checking on some federation APIs. Events sent over
/invite may not be correctly signed, or may not come from expected hosts.
matrix-synapse to version 1.5.0rc2 or higher.