5 matches found
EUVD-2023-46896
Malicious code in bioql PyPI...
BIT-MASTODON-2023-42450 Mastodon Server-Side Request Forgery vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
CVE-2023-42450
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
CVE-2023-42450
Mastodon (ActivityPub-based) is affected in versions up to 4.2.0-rc2 where crafting specific input can inject arbitrary data into HTTP requests issued by the server. The issue enables confused deputy attacks if ALLOWED_PRIVATE_ADDRESSES permits access to local exploitable services. A patch exists...
CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...