Mastodon Invalid Domain Name Normalization vulnerability
CVE-2023-42451

7.4 HIGH

Key Information:

Vendor: Mastodon

Status: Vendor

CVE Published: 19 September 2023

What is CVE-2023-42451?

A vulnerability in Mastodon allows attackers to exploit a flaw in how domain names are normalized, enabling them to spoof domains they do not own. The issue affects versions prior to 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2; those releases contain the fix. Users are advised to update to a patched version to protect against domain spoofing.

Affected Version(s)

mastodon < 3.5.14

mastodon >= 4.0.0, < 4.0.10

mastodon >= 4.1.0, < 4.1.8

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
