Vulnerabilities > Joinmastodon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-06 | CVE-2023-36461 | Unspecified vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub. | 7.5 |
| 2023-04-04 | CVE-2023-28853 | Unspecified vulnerability in Joinmastodon Mastodon Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. | 6.5 |
| 2023-03-06 | CVE-2022-48364 | Unspecified vulnerability in Joinmastodon Mastodon 3.5.0/3.5.1/3.5.2 The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | 4.3 |
| 2022-12-04 | CVE-2022-46405 | Uncontrolled Recursion vulnerability in Joinmastodon Mastodon Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. | 7.5 |
| 2022-11-16 | CVE-2022-2166 | Improper Restriction of Excessive Authentication Attempts vulnerability in Joinmastodon Mastodon Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. | 9.8 |
| 2022-05-24 | CVE-2022-31263 | Unspecified vulnerability in Joinmastodon Mastodon app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. | 5.3 |
| 2022-02-03 | CVE-2022-24307 | Incorrect Authorization vulnerability in Joinmastodon Mastodon Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. | 9.8 |
| 2022-02-02 | CVE-2022-0432 | Unspecified vulnerability in Joinmastodon Mastodon Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. | 6.1 |
| 2019-09-22 | CVE-2018-21018 | Insufficient Session Expiration vulnerability in Joinmastodon Mastodon Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | 9.8 |