CVE-2023-49952

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Nov 18, 2024
Updated: Nov 19, 2024
CWE ID: 79

Summary

CVE-2023-49952 is a vulnerability affecting Mastodon versions 4.1.x before 4.1.17 and 4.2.x before 4.2.9. An attacker can bypass rate limiting by crafting a specific HTTP request header. This may allow the attacker to flood servers with malicious requests, potentially leading to excessive traffic, resource exhaustion, service disruption and denial of service. Mastodon users are encouraged to update their software to the latest versions to mitigate this risk. The vulnerability was discovered and reported to the Mastodon team, who have since released patches to address the issue.
