Описание
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
Ссылки
- Issue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.2 (включая)
cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00722
Низкий
7.5 High
CVSS3
Дефекты
CWE-674
CWE-674
Связанные уязвимости
CVSS3: 7.5
debian
около 3 лет назад
Mastodon through 4.0.2 allows attackers to cause a denial of service ( ...
CVSS3: 7.5
github
около 3 лет назад
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
EPSS
Процентиль: 72%
0.00722
Низкий
7.5 High
CVSS3
Дефекты
CWE-674
CWE-674