Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mastodon 安全漏洞
Vulnerability Description
Mastodon是一款基于ActivityPub的开源社交网络服务器。 Mastodon 4.0.2及以前版本存在安全漏洞,该漏洞源于其允许攻击者通过创建bot帐户,在与通配符DNS A记录相关的某些其他服务器上跟随攻击者控制的帐户,从而导致拒绝服务(长Sidekiq pull队列),这样攻击者生成的消息就会不受控制地递归。
CVSS Information
N/A
Vulnerability Type
N/A