2 matches found
CVE-2025-54879 Mastodon e‑mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails
Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the...
PT-2025-32007 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 3.1.5 through 4.2.24 Mastodon versions 4.3.0 through 4.3.11 Mastodon versions 4.4.0 through 4.4.3 Description: Mastodon’s rate-limiting system contains a configuration error where the email-based throttle for confirmation...