Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:19 a.m.11 views

CVE-2023-42450

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

7.5CVSS6.9AI score0.00386EPSS
Exploits0
Circl
Circl
added 2023/09/19 8:34 p.m.5 views

CVE-2023-42450

creationtimestamp| type| source ---|---|--- 2023-09-19 20:34:36+00:00| seen| https://t.me/cibsecurity/70743 2023-10-23 05:11:12+00:00| published-proof-of-concept| https://t.me/CNArsenal/1341 2023-10-23 10:58:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9247...

7.5CVSS7.3AI score0.00386EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/09/19 3:53 p.m.1 views

CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

5.4CVSS6.4AI score0.00386EPSS
Exploits0References2
CVE
CVE
added 2023/09/19 3:53 p.m.54 views

CVE-2023-42450

Mastodon (ActivityPub-based) is affected in versions up to 4.2.0-rc2 where crafting specific input can inject arbitrary data into HTTP requests issued by the server. The issue enables confused deputy attacks if ALLOWED_PRIVATE_ADDRESSES permits access to local exploitable services. A patch exists...

7.5CVSS6.4AI score0.00386EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder