Mastodon · Mastodon · CVE-2025-67500
**Name of the Vulnerable Software and Affected Versions**
Mastodon versions 4.2.27 and prior
Mastodon versions 4.3.0-beta.1 through 4.3.14
Mastodon versions 4.4.0-beta.1 through 4.4.9
Mastodon versions 4.5.0-beta.1 through 4.5.2
**Description**
Mastodon, a free and open-source social network server based on ActivityPub, contains discrepancies in error handling. An attacker with knowledge of a status identifier, even if unauthorized to view it, can determine the status's existence by sending a request with a non-English `Accept-Language` header. This does not allow access to the status content or any other properties beyond its existence.
**Recommendations**
Update to Mastodon version 4.2.28 or later.
Update to Mastodon version 4.3.15 or later.
Update to Mastodon version 4.4.10 or later.
Update to Mastodon version 4.5.3 or later.
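
The affected ranges and fixed releases above can be turned into a triage check for a reported server version. This is an added example, not part of the original advisory or of Mastodon's code. The function names are hypothetical, and it assumes the version string may carry a leading `v` or a `+build` suffix and that Ruby's `Gem::Version` ordering is acceptable for pre-release tags.

```ruby
require "rubygems" # Gem::Version ships with standard Ruby

# [first affected, last affected, fixed release], copied from the advisory.
# A nil lower bound encodes "and prior".
AFFECTED_RANGES = [
  [nil,            "4.2.27", "4.2.28"],
  ["4.3.0-beta.1", "4.3.14", "4.3.15"],
  ["4.4.0-beta.1", "4.4.9",  "4.4.10"],
  ["4.5.0-beta.1", "4.5.2",  "4.5.3"],
].freeze

# Parse a reported version (hypothetical helper). Build metadata after "+"
# (a fork suffix such as "+glitch") is dropped: it does not affect ordering
# and Gem::Version rejects it. Returns nil when the string is not a version.
def parse_version(raw)
  core = raw.to_s.strip.sub(/\Av/, "").split("+", 2).first
  return nil if core.nil? || core.empty? # Gem::Version would read "" as 0
  Gem::Version.new(core)
rescue ArgumentError
  nil
end

# Returns the fixed release for the matching range, or nil when the version
# is outside every range the advisory lists. Unparsable input raises, so a
# malformed string is never silently reported as unaffected.
def fixed_release_for(raw)
  v = parse_version(raw) or raise ArgumentError, "unparsable version: #{raw.inspect}"
  AFFECTED_RANGES.each do |first, last, fixed|
    lower_ok = first.nil? || v >= Gem::Version.new(first)
    return fixed if lower_ok && v <= Gem::Version.new(last)
  end
  nil
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs, not taken from any real instance.
  %w[4.2.27 4.3.0-beta.1 4.4.10 v4.5.2+glitch 4.5.3].each do |s|
    fix = fixed_release_for(s)
    puts "#{s}: #{fix ? "affected, update to #{fix} or later" : "not in a listed range"}"
  end
end
```

Comparing versions numerically matters here: a plain string comparison would order 4.4.10 before 4.4.9 and report a patched server as affected.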