Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joinmastodon mastodon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-46405
Mastodon up to and including 4.0.2 allows malicious users to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled re...
Joinmastodon Mastodon
4.3
CVSSv2
CVE-2022-0432
Prototype Pollution in GitHub repository mastodon/mastodon before 3.5.0.
Joinmastodon Mastodon
7.5
CVSSv2
CVE-2022-24307
Mastodon prior to 3.3.2 and 3.4.x prior to 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.)
Joinmastodon Mastodon
NA
CVE-2022-48364
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x prior to 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status upda...
Joinmastodon Mastodon
NA
CVE-2024-23832
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version before 3....
Joinmastodon Mastodon
1 Article
NA
CVE-2023-42450
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused ...
Joinmastodon Mastodon 4.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2