CNNVD-202601-1447 Information

CNNVD ID

CNNVD-202601-1447

CVE-2026-22245

  • CNNVD Published: 2026-01-08

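Description (translated from Chinese)

Mastodon is an open-source, ActivityPub-based social network server from Mastodon. Mastodon versions before 4.5.4, before 4.4.11, before 4.3.17 and before 4.2.29 contain a code issue vulnerability that stems from missing IP address range restrictions and may lead to local network requests.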

Description (English)

Mastodon is an open-source social network server based on ActivityPub. Mastodon versions before 4.5.4, 4.4.11, 4.3.17 and 4.2.29 contain a code issue vulnerability, which stems from missing IP address range restrictions and may lead to local network requests.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Mastodon

Published

2026-01-08

Last Modified

2026-02-24

References

  • https://github.com/mastodon/mastodon/commit/0f4e8a6240b5af1f2c3f34d2793d8610c6ef2aca
  • https://github.com/mastodon/mastodon/commit/71ae4cf2cf5138ccdda64b1b1d665849b688686d
  • https://github.com/mastodon/mastodon/security/advisories/GHSA-xfrj-c749-jxxq
  • https://github.com/mastodon/mastodon/commit/17022907866710a72a1b1fc0a5ce9538bad1b4c3
  • https://access.redhat.com/security/cve/cve-2026-22245

Patch

https://github.com/mastodon/mastodon/releases
