VYPR

Mastodon

by Mastodon

CVEs (49)

  • CVE-2023-36459 (Jul 6, 2023)
    risk 0.00, cvss not listed, epss 0.01

    Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in…

  • CVE-2023-28853 (Apr 4, 2023)
    risk 0.00, cvss not listed, epss 0.01

    Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform…

  • CVE-2022-48364 (Mar 6, 2023)
    risk 0.00, cvss not listed, epss 0.01

    The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was…

  • CVE-2022-46405 (Dec 4, 2022)
    risk 0.00, cvss not listed, epss 0.01

    Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of…

  • CVE-2022-2166 (Nov 16, 2022)
    risk 0.00, cvss not listed, epss 0.01

    Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.

  • CVE-2022-31263 (May 24, 2022)
    risk 0.00, cvss not listed, epss 0.01

    app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.

  • CVE-2022-24307 (Feb 3, 2022)
    risk 0.00, cvss not listed, epss 0.01

    Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.)

  • CVE-2022-0432 (Feb 2, 2022)
    risk 0.00, cvss not listed, epss 0.04

    Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.

  • CVE-2018-21018 (Sep 22, 2019)
    risk 0.00, cvss not listed, epss 0.03

    Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.

Page 3 of 3