CVSS 3.1 Score 7.5 of 10 (high)


Published Sep 19, 2023
Updated: Feb 16, 2024
CWE ID 918
CWE ID 113


CVE-2023-42450 is a vulnerability affecting Mastodon, a free and open-source social network server based on ActivityPub. It affects versions starting with 4.2.0-beta1 and prior to 4.2.0-rc2, where attackers can inject arbitrary data into HTTP requests by manipulating input. If the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to enable access to local exploitable services, this could lead to confused deputy attacks. The issue has been patched in Mastodon version 4.2.0-rc2. NVD gives the vulnerability a high base severity score of 7.5, which marks it as a significant risk to organizations running the affected versions of Mastodon.
