4 matches found
CVE-2023-42450
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
CVE-2023-42450
creationtimestamp| type| source ---|---|--- 2023-09-19 20:34:36+00:00| seen| https://t.me/cibsecurity/70743 2023-10-23 05:11:12+00:00| published-proof-of-concept| https://t.me/CNArsenal/1341 2023-10-23 10:58:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9247...
CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
CVE-2023-42450
Mastodon (ActivityPub-based) is affected in versions up to 4.2.0-rc2 where crafting specific input can inject arbitrary data into HTTP requests issued by the server. The issue enables confused deputy attacks if ALLOWED_PRIVATE_ADDRESSES permits access to local exploitable services. A patch exists...