Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.
History

Fri, 15 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-06T18:57:59.160Z

Updated: 2024-11-15T17:56:02.828Z

Reserved: 2023-06-21T18:50:41.699Z

Link: CVE-2023-36461

cve-icon Vulnrichment

Updated: 2024-08-02T16:45:56.828Z

cve-icon NVD

Status : Modified

Published: 2023-07-06T19:15:10.880

Modified: 2024-11-21T08:09:45.617

Link: CVE-2023-36461

cve-icon Redhat

No data.