3 matches found
CVE-2024-25623
CVE-2024-25623 describes a lack of verification of the Activity Streams Content-Type when Mastodon fetches remote statuses, enabling impersonation of accounts on remote servers that allow registering and arbitrary user uploads. Affected versions are prior to 4.2.7, 4.1.15, 4.0.15, and 3.5.19. The...
CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...