Mastodon up to and including 4.0.2 allows malicious users to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
joinmastodon mastodon |