Joinmastodon: >> Mastodon >> 3.5.0 Security Vulnerabilities
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-12-04
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-11-16
Page 3