Vulnerabilities > Joinmastodon > Mastodon > 2.9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2024-23832 | Authentication Bypass by Spoofing vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. | 9.8 |
2023-09-19 | CVE-2023-42451 | Use of Incorrectly-Resolved Name or Reference vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 7.5 |
2023-07-06 | CVE-2023-36462 | Unspecified vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 5.4 |
2023-07-06 | CVE-2023-36459 | Cross-site Scripting vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 6.1 |
2023-07-06 | CVE-2023-36461 | Allocation of Resources Without Limits or Throttling vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 7.5 |
2023-04-04 | CVE-2023-28853 | LDAP Injection vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. | 6.5 |
2022-12-04 | CVE-2022-46405 | Uncontrolled Recursion vulnerability in Joinmastodon Mastodon Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. | 7.5 |
2022-11-16 | CVE-2022-2166 | Improper Restriction of Excessive Authentication Attempts vulnerability in Joinmastodon Mastodon Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. | 9.8 |