PT-2024-13840 · Mastodon · Mastodon
Eichner
·
Published
2024-11-18
·
Updated
2025-05-08
·
CVE-2023-49952
CVSS v3.1
7.5
High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Mastodon versions 4.1.x through 4.1.16
Mastodon versions 4.2.x through 4.2.8
Description
The issue allows a bypass of rate limiting via a crafted HTTP request header. An unauthenticated remote attacker can add or alter a request header so that Mastodon's rate limiter does not correctly attribute or count the request, letting the attacker send more requests than the configured limit permits. Rate limits are a throttling control, not an authorization control, so the practical impact is that request floods and guessing attacks the limits are meant to slow down are no longer slowed down.
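The advisory does not name the header, so the following added example (not Mastodon's code; Mastodon's limiter is built on Rack::Attack, which is not used here) illustrates the general class with a representative assumption: a limiter keyed on a client address taken from an untrusted X-Forwarded-For header. A single attacker behind one IP varies that header per request and gets a fresh bucket each time; the hardened discriminator honours X-Forwarded-For only when the TCP peer is a configured reverse proxy and then takes the rightmost address the proxy itself observed. The trusted-proxy ranges, endpoint, and limit values are hypothetical.

```ruby
# Added example: minimal Rack-style rate limiter showing a header-based
# rate-limit bypass and its fix. Not Mastodon's code; the X-Forwarded-For
# mechanism is an assumed representative of "crafted HTTP request header".
require 'ipaddr'

class RateLimiter
  # Sliding-window limiter: at most +limit+ requests per +window+ seconds per key.
  def initialize(limit:, window:, discriminator:)
    @limit = limit
    @window = window
    @discriminator = discriminator   # lambda(env) -> String bucket key
    @buckets = Hash.new { |h, k| h[k] = [] }
  end

  # Returns true if the request is allowed, false if it is throttled.
  def allow?(env, now = Time.now.to_f)
    hits = @buckets[@discriminator.call(env)]
    hits.reject! { |t| t <= now - @window }
    return false if hits.size >= @limit
    hits << now
    true
  end
end

# VULNERABLE discriminator: trusts the leftmost X-Forwarded-For value from
# any peer. An attacker sets a new value per request and gets a fresh bucket.
VULNERABLE_KEY = lambda do |env|
  xff = env['HTTP_X_FORWARDED_FOR'].to_s
  xff.empty? ? env['REMOTE_ADDR'] : xff.split(',').first.strip
end

# HARDENED discriminator: honour X-Forwarded-For only when the TCP peer is a
# trusted reverse proxy (hypothetical ranges), and then take the rightmost
# address that is not itself a trusted proxy, i.e. the hop the proxy saw.
TRUSTED_PROXIES = [IPAddr.new('127.0.0.1'), IPAddr.new('10.0.0.0/8')].freeze

def trusted_proxy?(addr)
  TRUSTED_PROXIES.any? { |net| net.include?(IPAddr.new(addr)) }
rescue IPAddr::InvalidAddressError
  false   # garbage in the header is never a trusted proxy
end

HARDENED_KEY = lambda do |env|
  peer = env['REMOTE_ADDR']
  return peer unless trusted_proxy?(peer)
  chain = env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip).reject(&:empty?)
  # Walk from the right: skip our own proxies, stop at the first outside address.
  chain.reverse.find { |a| !trusted_proxy?(a) } || peer
end

# Simulate one attacker at one IP sending +n+ requests, each with a different
# spoofed X-Forwarded-For (constructed input). Returns how many got through.
def attack(discriminator, n:, limit: 5, window: 60, peer: '203.0.113.9')
  limiter = RateLimiter.new(limit: limit, window: window, discriminator: discriminator)
  allowed = 0
  n.times do |i|
    env = { 'REMOTE_ADDR' => peer, 'HTTP_X_FORWARDED_FOR' => "198.51.100.#{i + 1}" }
    allowed += 1 if limiter.allow?(env, 1_000.0)   # fixed clock: all in one window
  end
  allowed
end

if $PROGRAM_NAME == __FILE__
  puts "vulnerable key: #{attack(VULNERABLE_KEY, n: 20)} of 20 requests allowed"
  puts "hardened key:   #{attack(HARDENED_KEY, n: 20)} of 20 requests allowed"
end
```

The check a practitioner wants after patching is the same one the simulation performs: from a host that is not a trusted proxy, replay the throttled request with a different spoofed forwarding header each time and confirm the limit still trips at the configured count. The hardened key also keeps working behind a real proxy, because the proxy appends the true client address on the right and any attacker-supplied entries sit to its left.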
Recommendations
For Mastodon versions 4.1.x through 4.1.16, update to version 4.1.17 or later.
For Mastodon versions 4.2.x through 4.2.8, update to version 4.2.9 or later.
Affected Products
Mastodon