Vulnerabilities > Joinmastodon > Mastodon > 0.1.0

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2024-23832 Authentication Bypass by Spoofing vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication.
network
low complexity
joinmastodon CWE-290
critical
9.8
2023-09-19 CVE-2023-42451 Use of Incorrectly-Resolved Name or Reference vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-706
7.5
2023-07-06 CVE-2023-36461 Allocation of Resources Without Limits or Throttling vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub.
network
low complexity
joinmastodon CWE-770
7.5
2022-12-04 CVE-2022-46405 Uncontrolled Recursion vulnerability in Joinmastodon Mastodon
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
network
low complexity
joinmastodon CWE-674
7.5
2022-11-16 CVE-2022-2166 Improper Restriction of Excessive Authentication Attempts vulnerability in Joinmastodon Mastodon
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.
network
low complexity
joinmastodon CWE-307
critical
9.8
2022-05-24 CVE-2022-31263 Unspecified vulnerability in Joinmastodon Mastodon
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
network
low complexity
joinmastodon
5.0
2022-02-03 CVE-2022-24307 Incorrect Authorization vulnerability in Joinmastodon Mastodon
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities.
network
low complexity
joinmastodon CWE-863
7.5
2022-02-02 CVE-2022-0432 Unspecified vulnerability in Joinmastodon Mastodon
Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.
network
joinmastodon
4.3
2019-09-22 CVE-2018-21018 Insufficient Session Expiration vulnerability in Joinmastodon Mastodon
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
network
low complexity
joinmastodon CWE-613
7.5