BIT-MASTODON-2023-42451 Mastodon Invalid Domain Name Normalization vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0 contai...
PT-2023-7360 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.14; Mastodon versions prior to 4.0.10; Mastodon versions prior to 4.1.8; Mastodon versions prior to 4.2.0-rc2. Description: The issue is related to a flaw in domain name normalization, which can be exploited by...