3 matches found
CVE-2022-24307
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0...
CVE-2022-24307
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0...
CVE-2022-24307
Mastodon prior to 3.3.2 and 3.4.x prior to 3.4.6 suffers from an access-control weakness due to not compacting incoming signed JSON-LD activities, despite JSON-LD signing being supported since 1.6.0. This affects versions 1.6.0–3.3.2 and 3.4.x–3.4.5, enabling potential improper access handling as...