Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-04T00:00:00
Updated: 2024-08-03T14:31:46.361Z
Reserved: 2022-12-04T00:00:00
Link: CVE-2022-46405
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-12-04T04:15:09.380
Modified: 2022-12-06T12:55:10.490
Link: CVE-2022-46405
Redhat
No data.