Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: tests.home-assistant-component-tests.mastodon

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-33869
4.8 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
Mastodon has a denial of service for quote authorization

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.

Affected products

mastodon
  • ==>= 4.5.0, < 4.5.8
  • ==>= 4.4.0, < 4.4.15

Matching in nixpkgs

pkgs.mastodon

Self-hosted, globally interconnected microblogging software based on ActivityPub

pkgs.mastodon-bot

Bot to publish twitter, tumblr or rss posts to an mastodon account.

Package maintainers