Описание
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
Ссылки
- Mailing List
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing List
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
9.9 Critical
CVSS3
Дефекты
Связанные уязвимости
Mastodon is a free, open-source social network server based on Activit ...
Уязвимость компонента Media File Handler веб-приложения для развёртывания распределённых социальных сетей Mastodon, позволяющая злоумышленнику создать и перезаписать произвольные файлы в системе
EPSS
9.9 Critical
CVSS3