Lucene search

CVE-2024-25623

🗓️ 19 Feb 2024 16:51:15Reported by GitHub_MType

Mastodon allows remote content spoofing through crafted Activity Streams documen

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
OSV	CVE-2024-25623	19 Feb 202416:15	–	osv
OSV	BIT-MASTODON-2024-25623	31 Mar 202418:20	–	osv
NVD	CVE-2024-25623	19 Feb 202416:15	–	nvd
RedhatCVE	CVE-2024-25623	5 Feb 202513:02	–	redhatcve
Vulnrichment	CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts	19 Feb 202415:28	–	vulnrichment
Prion	Design/Logic Flaw	19 Feb 202416:15	–	prion
Cvelist	CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts	19 Feb 202415:28	–	cvelist

Nvd

Vulners

Node

joinmastodon mastodonRange<3.5.19

joinmastodon mastodonRange4.0.0–4.0.15

joinmastodon mastodonRange4.1.0–4.1.15

joinmastodon mastodonRange4.2.0–4.2.7

[
  {
    "vendor": "mastodon",
    "product": "mastodon",
    "versions": [
      {
        "version": "< 3.5.19",
        "status": "affected"
      },
      {
        "version": ">= 4.0.0, < 4.0.15",
        "status": "affected"
      },
      {
        "version": ">= 4.1.0, < 4.1.15",
        "status": "affected"
      },
      {
        "version": ">= 4.2.0, < 4.2.7",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/mastodon/mastodon/commit/9fee5e852669e26f970e278021302e1a203fc022
github	www.github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Feb 2024 16:15Current

7.9High risk

Vulners AI Score7.9

CVSS37.7 - 8.5

EPSS0.0013

SSVC

CWE-434