Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-36460
HistoryJul 06, 2023 - 7:15 p.m.

Design/Logic Flaw

2023-07-0619:15:00
PRIOn knowledge base
www.prio-n.com
7
mastodon
logic flaw
media processing
arbitrary files
dos
remote code execution

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon’s media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.

Related

cve 1
osv 2
nvd 1
cvelist 1
thn 2
malwarebytes 1
cve
cve
CVE-2023-36460
2023-07-06 19:15:10
osv
osv
CVE-2023-36460
2023-07-06 19:15:10
BIT-mastodon-2023-36460
2024-03-06 10:56:36
nvd
nvd
CVE-2023-36460
2023-07-06 19:15:10
cvelist
cvelist
CVE-2023-36460 Mastodon vulnerable to arbitrary file creation through media attachments
2023-07-06 18:39:09
thn
thn
Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
2023-07-07 12:55:00
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
2024-02-03 06:51:00
malwarebytes
malwarebytes
"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!
2023-07-11 02:00:00

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON
Related for PRION:CVE-2023-36460
cve1osv2nvd1cvelist1thn2malwarebytes1