Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48364 | 1 Joinmastodon | 1 Mastodon | 2023-03-10 | N/A | 4.3 MEDIUM |
| The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | |||||
| CVE-2022-46405 | 1 Joinmastodon | 1 Mastodon | 2022-12-06 | N/A | 7.5 HIGH |
| Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. | |||||
| CVE-2022-2166 | 1 Joinmastodon | 1 Mastodon | 2022-11-16 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. | |||||
| CVE-2022-31263 | 1 Joinmastodon | 1 Mastodon | 2022-06-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. | |||||
| CVE-2022-24307 | 1 Joinmastodon | 1 Mastodon | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.) | |||||
| CVE-2022-0432 | 1 Joinmastodon | 1 Mastodon | 2022-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. | |||||
| CVE-2018-21018 | 1 Joinmastodon | 1 Mastodon | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | |||||