CNNVD-202512-1745 Information
CNNVD ID
CNNVD-202512-1745
Related CVE
- CNNVD Published: 2025-12-10
Description (Chinese)
Mastodon是Mastodon开源的一款基于ActivityPub的开源社交网络服务器。 Mastodon存在安全漏洞,该漏洞源于错误处理不一致,可能导致状态存在性泄露。以下版本受到影响:4.2.27及之前版本、4.3.0-beta.1版本至4.3.14版本、4.4.0-beta.1版本至4.4.9版本和4.5.0-beta.1版本至4.5.2版本。
Description (English)
Mastodon is an open-source social network server based on ActivityPub. There was a security loophole in Mastodon, which stemmed from a lack of consistency in the handling of errors, which could lead to a situation of sexual disclosure. The following versions were affected: 4.2.27 and earlier, 4.3.0-beta.1 to 4.3.14, 4.4.0-beta.1 to 4.4.9 and 4.5.0-beta.1 to 4.5.2.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Mastodon
Published
2025-12-10
Last Modified
2026-02-24
References
https://github.com/mastodon/mastodon/pull/37077/commits/9957d3218cb33fea6a44bb285e2ba4795a059e4f https://github.com/mastodon/mastodon/security/advisories/GHSA-gwhw-gcjx-72v8
Patch
https://github.com/mastodon/mastodon/releases
Share on: