Number of vulnerabilities: 1
Server applications / Other server solutions
This security bulletin contains one high risk vulnerability.
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions: the application does not compact incoming signed JSON-LD activities. A remote attacker can send a specially crafted request and gain unauthorized access to the affected application.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Mastodon: 3.3.0 - 3.4.5
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?