Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-04T00:00:00
Updated: 2024-08-03T14:31:46.361Z
Reserved: 2022-12-04T00:00:00
Link: CVE-2022-46405
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-04T04:15:09.380
Modified: 2024-11-21T07:30:32.440
Link: CVE-2022-46405
Redhat
No data.