CVE-2023-42451 Information

Description

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.

Reference

https://github.com/mastodon/mastodon/commit/eeab3560fc0516070b3fb97e089b15ecab1938c8
https://github.com/mastodon/mastodon/security/advisories/GHSA-v3xf-c9qf-j667
