Mastodon@4.2.0 Security Vulnerabilities and Issues — Mastodon@4.2.0 CVE List

Lucene search

JoinmastodonMastodon4.2.0

3 matches found

CVE•added 2023/09/19 4:15 p.m.•42 views

CVE-2023-42452

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to exe...

6.1CVSS5.9AI score0.00476EPSS

CVE•added 2023/09/19 4:15 p.m.•36 views

CVE-2023-42450

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if t...

7.5CVSS6.4AI score0.0028EPSS

CVE•added 2023/09/19 4:15 p.m.•32 views

CVE-2023-42451

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 ...

7.5CVSS7.3AI score0.00174EPSS