CVE-2023-49952: XSS
First published: Mon Nov 18 2024(Updated: )
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mastodon | <4.1.17<4.2.9 | |
| Mastodon | >=4.1.0<4.1.17 | |
| Mastodon | >=4.2.0<4.2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-49952?
CVE-2023-49952 has a severity rating that indicates the potential for significant impact on the affected systems due to rate limiting bypass.
How do I fix CVE-2023-49952?
To fix CVE-2023-49952, upgrade to Mastodon version 4.1.17 or 4.2.9 or later, which addresses the vulnerability.
What versions of Mastodon are affected by CVE-2023-49952?
Mastodon versions prior to 4.1.17 and 4.2.9 are affected by CVE-2023-49952.
What does CVE-2023-49952 exploit?
CVE-2023-49952 exploits a misconfiguration allowing attackers to bypass rate limiting through crafted HTTP request headers.
Is there any workaround for CVE-2023-49952?
There are no recommended workarounds for CVE-2023-49952; the best mitigation is upgrading to the patched versions.
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/mastodon
- canonical/mastodon
- vendor/joinmastodon
- version/mastodon/4.1.0
- version/mastodon/4.2.0