Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mastodon
(Joinmastodon)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-12-04 | CVE-2022-46405 | Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. | Mastodon | 7.5 | ||
| 2022-11-16 | CVE-2022-2166 | Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. | Mastodon | 9.8 | ||
| 2022-05-24 | CVE-2022-31263 | app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. | Mastodon | 5.3 | ||
| 2022-02-03 | CVE-2022-24307 | Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.) | Mastodon | 9.8 | ||
| 2022-02-02 | CVE-2022-0432 | Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. | Mastodon | 6.1 | ||
| 2019-09-22 | CVE-2018-21018 | Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | Mastodon | N/A |