Clearlyclaire

**Name of the Vulnerable Software and Affected Versions** Mastodon versions 4.5.0 through 4.5.7 Mastodon versions 4.4.0 through 4.4.14 **Description** Mastodon is a free, open-source social network server based on ActivityPub. An attacker who is aware of a quote before it has reached a server can prevent the quote from being correctly processed on that server. This issue affects versions 4.5.x prior to 4.5.8 and 4.4.x prior to 4.4.15. Versions 4.3 and earlier are not affected as they do not support quotes. **Recommendations** Update Mastodon to version 4.5.8 or later. Update Mastodon to version 4.4.15 or later.

**Name of the Vulnerable Software and Affected Versions** Mastodon versions 2.6.0 through 4.1.17 Mastodon versions 4.2.0 through 4.2.9 **Description** Mastodon is a self-hosted, federated microblogging platform. By crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. **Recommendations** For Mastodon versions 2.6.0 through 4.1.17, update to version 4.1.18 or later. For Mastodon versions 4.2.0 through 4.2.9, update to version 4.2.10 or later.

**Name of the Vulnerable Software and Affected Versions** Mastodon versions 1.6.0 through 3.3.2 Mastodon versions 3.4.x through 3.4.5 **Description** The issue is related to incorrect access control due to the failure to compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0. **Recommendations** For Mastodon versions 1.6.0 through 3.3.2, update to version 3.3.2 or later. For Mastodon versions 3.4.x through 3.4.5, update to version 3.4.6 or later.