4 matches found
CVE-2026-27477
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...
CVE-2026-27477
Mastodon CVE-2026-27477 describes an SSRF risk in the FASP feature: unauthenticated registration of a FASP with a base_url that can resolve to an internal address, when the server has EXPERIMENTAL_FEATURES including fasp enabled. Affected: Mastodon versions 4.4.0–4.4.13 and 4.5.0–4.5.6. Impact: s...
Code injection
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space...
Octopus Server 安全漏洞
Octopus Server is an automated deployment platform. A security vulnerability exists in Octopus Server versions after 2022.1.1495 and before 2022.1.2647, which stems from the fact that all new users can access the scripting console within their private space if private space is enabled via the...