matrix-org · dkasak · Sep 13, 2024 · Aug 30, 2024 · Aug 30, 2024 · Aug 30, 2024
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
@@ -1,3 +1,39 @@
+[[findings]]
+date = "2024-05-26"
+reporter.name = "Charlotte"
+reporter.link = "https://github.com/DarkKirb"
+summary = """
+Found room preview settings were controllable by the homeserver.
+"""
+project = "Matrix JS SDK"
+
+[[findings]]
+date = "2024-05-26"
+reporter.name = "morguldir"
+reporter.link = "https://github.com/morguldir/"
+summary = """
+Discovered a way to freeze clients using the Matrix JS SDK by crafting a room with itself as its predecessor (CVE-2024-42369 / GHSA-vhr5-g3pm-49fm).
+"""
+project = "Matrix JS SDK"
+
+[[findings]]
+date = "2024-04-25"
+reporter.name = "Johannes Marbach"
+reporter.link = "https://github.com/Johennes"
+summary = """
+Identified a method to supply arbitrary parameter to sonar-scanner.
+"""
+project = "matrix-org/sonarcloud-workflow-action"
+
+[[findings]]
+date = "2023-06-20"
+reporter.name = "Alexey Shchepin"
+reporter.link = "https://github.com/alexeyshch"
+summary = """
+Discovered that weakness in auth chain indexing allowed DoS from remote room members through disk fill and high CPU usage ([GHSA-3h7q-rfh9-xm4v](https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v)).
+"""
+project = "Synapse"
+
 [[findings]]
 date = "2023-07-31"
 reporter.name = "Martin Schobert, Pentagrid AG"