CVE-2023-49952
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-49952 is a vulnerability affecting Mastodon versions 4.1.x before 4.1.17 and 4.2.x before 4.2.9. It allows an attacker to bypass rate limiting by crafting a specific HTTP request header, so that a server can be flooded with requests, leading to excessive traffic, resource exhaustion and denial of service. Mastodon users are encouraged to update their software to the latest versions to mitigate this risk. The vulnerability was discovered and reported to the Mastodon team, who have since released patches to address the issue.
Affected Products
- Mastodon
Affected Vendors
- Mastodon gGmbH