25 matches found
CVE-2026-27477
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...
CVE-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...
CVE-2026-27477
Mastodon CVE-2026-27477 describes an SSRF risk in the FASP feature: unauthenticated registration of a FASP with a base_url that can resolve to an internal address, when the server has EXPERIMENTAL_FEATURES including fasp enabled. Affected: Mastodon versions 4.4.0–4.4.13 and 4.5.0–4.5.6. Impact: s...
CVE-2026-27468
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...
CVE-2026-27468 Mastodon may allow unconfirmed FASP to make subscriptions
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...
Mastodon Code Issue Vulnerability
Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are code vulnerabilities in versions 4.4.0 to 4.4.13 and 4.5.0 to 4.5.6 of Mastodon. These vulnerabilities allow unverified attackers to register a FASP with a baseurl pointing to a local intern...
MAL-2025-43243 Malicious code in @zalastax/nolb-fasp (npm)
The package @zalastax/nolb-fasp was found to contain malicious code...
Malicious code in @zalastax/nolb-fasp (npm)
The package @zalastax/nolb-fasp was found to contain malicious code...
IBM Aspera Security Bypass Vulnerability (CNVD-2024-38533)
IBM Aspera is a set of fast file transfer and streaming solutions from International Business Machines (IBM), built on the IBM FASP protocol. A security bypass vulnerability exists in IBM Aspera versions 5.0.0 through 5.0.9, which can be exploited by an attacker to bypass intended access restriction...
IBM Aspera User Enumeration Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions from International Business Machines (IBM), built on the IBM FASP protocol. A user enumeration vulnerability exists in IBM Aspera Orchestrator version 4.0.1. The vulnerability stems from a significant difference between valid and...
IBM Aspera Operating System Command Injection Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions from International Business Machines (IBM), built on the IBM FASP protocol. An operating system command injection vulnerability exists in IBM Aspera Orchestrator version 4.0.1. The vulnerability stems from the application failing to...
IBM Aspera Connect and IBM Aspera Cargo Buffer Overflow Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions from International Business Machines (IBM), built on the IBM FASP protocol. A buffer overflow vulnerability exists in IBM Aspera Connect and IBM Aspera Cargo, which originates from a boundary check error and can be exploited by an...
IBM Aspera Cargo and IBM Aspera Connect Information Disclosure Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions from International Business Machines (IBM), built on the IBM FASP protocol. An information disclosure vulnerability exists in IBM Aspera Cargo and IBM Aspera Connect, which can be exploited by attackers to cause unauthorized...
IBM Aspera Faspex YAML deserialization
Added: 04/13/2023. Background: IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. Problem: A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for relaypackage with specially crafted JSON content...
IBM Aspera Cargo and IBM Aspera Connect Code Execution Vulnerabilities
IBM Aspera is a set of fast file transfer and streaming solutions from International Business Machines (IBM), built on the IBM FASP protocol. A code execution vulnerability exists in IBM Aspera Cargo and IBM Aspera Connect that originates from a boundary check error and can be exploited by an attack...