Critical Mastodon vulnerabilities addressed

Five security vulnerabilities have been patched by the decentralized social networking platform Mastodon in a security update, according to The Hacker News. The most severe flaw, tracked as CVE-2023-36460, could allow threat actors to abuse the platform's media attachment handling to create and overwrite files, which could in turn enable denial-of-service and arbitrary remote code execution attacks. A second critical vulnerability, tracked as CVE-2023-36459, could be used to inject arbitrary HTML into oEmbed preview cards, bypassing Mastodon's HTML sanitization and allowing cross-site scripting payloads. Mastodon has also addressed three high- and medium-severity bugs: a flaw allowing DoS via slow HTTP responses, a blind LDAP injection in the login flow, and a verified profile link formatting issue. Users have been urged to ensure that the instances they use apply the updates immediately to prevent compromise.