Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joinmastodon Subscribe
Filtered by product Mastodon
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48364 1 Joinmastodon 1 Mastodon 2023-03-10 N/A 4.3 MEDIUM
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.
CVE-2022-46405 1 Joinmastodon 1 Mastodon 2022-12-06 N/A 7.5 HIGH
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
CVE-2022-2166 1 Joinmastodon 1 Mastodon 2022-11-16 N/A 9.8 CRITICAL
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.
CVE-2022-31263 1 Joinmastodon 1 Mastodon 2022-06-02 5.0 MEDIUM 5.3 MEDIUM
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
CVE-2022-24307 1 Joinmastodon 1 Mastodon 2022-02-09 7.5 HIGH 9.8 CRITICAL
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.)
CVE-2022-0432 1 Joinmastodon 1 Mastodon 2022-02-04 4.3 MEDIUM 6.1 MEDIUM
Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.
CVE-2018-21018 1 Joinmastodon 1 Mastodon 2019-09-23 7.5 HIGH 9.8 CRITICAL
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.