PT-2024-27819 · Mastodon · Mastodon

Clearlyclaire · Published 2024-07-05 · Updated 2024-07-09

CVE-2024-37903

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.6.0 through 4.1.17; Mastodon versions 4.2.0 through 4.2.9

Description: Mastodon is a self-hosted, federated microblogging platform. By crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them.

Recommendations: For Mastodon versions 2.6.0 through 4.1.17, update to version 4.1.18 or later. For Mastodon versions 4.2.0 through 4.2.9, update to version 4.2.10 or later.

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BIT-MASTODON-2024-37903
CVE-2024-37903
GHSA-XJVF-FM67-4QC3

Affected Products

Mastodon