Lucene search
+L

5 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-46896

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00386EPSS
Exploits0References2
osv
osv
added 2024/03/06 10:56 a.m.11 views

BIT-MASTODON-2023-42450 Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

7.5CVSS7.5AI score0.00386EPSS
Exploits0References3
nvd
nvd
added 2023/09/19 4:15 p.m.36 views

CVE-2023-42450

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

7.5CVSS6.2AI score0.00386EPSS
Exploits0References2
cve
cve
added 2023/09/19 3:53 p.m.55 views

CVE-2023-42450

Mastodon (ActivityPub-based) is affected in versions up to 4.2.0-rc2 where crafting specific input can inject arbitrary data into HTTP requests issued by the server. The issue enables confused deputy attacks if ALLOWED_PRIVATE_ADDRESSES permits access to local exploitable services. A patch exists...

7.5CVSS6.4AI score0.00386EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/09/19 3:53 p.m.25 views

CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

5.4CVSS7.3AI score0.00386EPSS
Exploits0References4
Rows per page
Query Builder