VYPR
Unrated severity · NVD Advisory · Published Sep 19, 2023 · Updated Sep 24, 2024

Mastodon Invalid Domain Name Normalization vulnerability

CVE-2023-42451

Description

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.

Affected products

3
  • Mastodon/Mastodon (2 versions)
    • (no CPE) range: <3.5.14, >=4.0.0 <4.0.10, >=4.1.0 <4.1.8, >=4.2.0-rc1 <4.2.0-rc2
    • (no CPE)range: < 3.5.14
  • osv-coords
    Range: < 3.5.14
