4 matches found
Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "instances," and it has over 14...
CVE-2023-36459
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview...
Mastodon Cross-Site Scripting Vulnerability
Mastodon is an open source social network server based on ActivityPub. Mastodon suffers from a cross-site scripting vulnerability. An attacker exploits this vulnerability to bypass HTML cleanup and include arbitrary HTML in oEmbed preview cards...
PT-2023-7453 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions:
Mastodon versions 1.3 through 3.5.8
Mastodon versions 4.0.0 through 4.0.4
Mastodon versions 4.1.0 through 4.1.2
Description: The issue is related to the processing of oEmbed data in Mastodon, which can allow an attacker to bypass HTML...