CNNVD-202601-3907 Information

CNNVD ID

CNNVD-202601-3907

CVE-2026-23962

  • CNNVD Published: 2026-01-22

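Description (translated from Chinese)

Mastodon is an open-source social network server based on ActivityPub, developed by the Mastodon project. Mastodon versions before v4.3.18, before v4.4.12 and before v4.5.5 contain a security vulnerability that stems from not limiting the maximum number of poll options in remote posts, which may lead to excessive resource consumption and denial of service.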

Description (English)

Mastodon is an open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, before v4.4.12 and before v4.5.5 contain a security vulnerability: the maximum number of poll options in remote posts is not limited, which can lead to excessive resource consumption and denial of service.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Mastodon

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://github.com/mastodon/mastodon/releases/tag/v4.3.18
  • https://github.com/mastodon/mastodon/releases/tag/v4.4.12
  • https://github.com/mastodon/mastodon/releases/tag/v4.5.5
  • https://github.com/mastodon/mastodon/security/advisories/GHSA-gg8q-rcg7-p79g

Patch

https://joinmastodon.org/zh
