Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2023/07/06/7 - Mailing List | |
References | () https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6 - Patch, Third Party Advisory | |
References | () https://github.com/mastodon/mastodon/releases/tag/v3.5.9 - Third Party Advisory | |
References | () https://github.com/mastodon/mastodon/releases/tag/v4.0.5 - Third Party Advisory | |
References | () https://github.com/mastodon/mastodon/releases/tag/v4.1.3 - Third Party Advisory | |
References | () https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc - Third Party Advisory |
14 Jul 2023, 19:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Joinmastodon mastodon
Joinmastodon |
|
CPE | cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/mastodon/mastodon/releases/tag/v4.1.3 - Third Party Advisory | |
References | (MISC) https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc - Third Party Advisory | |
References | (MISC) https://github.com/mastodon/mastodon/releases/tag/v4.0.5 - Third Party Advisory | |
References | (MISC) https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6 - Patch, Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/07/06/7 - Mailing List | |
References | (MISC) https://github.com/mastodon/mastodon/releases/tag/v3.5.9 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
07 Jul 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-06 19:15
Updated : 2024-11-21 08:09
NVD link : CVE-2023-36461
Mitre link : CVE-2023-36461
CVE.ORG link : CVE-2023-36461
JSON object : View
Products Affected
joinmastodon
- mastodon
CWE
CWE-770
Allocation of Resources Without Limits or Throttling