CVE-2023-42451

Published September 19th, 2023

View on NVD ↗

CVSS v3

7.4

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.

mastodon/mastodon

Your self-hosted, globally interconnected microblogging community

GitHub

50.1K