**TwoTwenty** @twotwenty@qoto.org · Jul 10, 2023, 04:31

**TwoTwenty** @twotwenty@qoto.org · Jul 10, 2023, 04:31

TwoTwenty @twotwenty@qoto.org

Jul 10, 2023, 04:31

TwoTwenty @twotwenty@qoto.org

@freemo CVE-2023-36460 AKA TootRoot

9.9 CVE score

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Jul 10, 2023, 04:31

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Jul 10, 2023, 04:31

Jul 10, 2023, 04:31

🎓 Doc Freemo 🇳🇱 @freemo@qoto.org

@twotwenty huh?

**TwoTwenty** @twotwenty@qoto.org · Jul 10, 2023, 04:37

**TwoTwenty** @twotwenty@qoto.org · Jul 10, 2023, 04:37

Jul 10, 2023, 04:37

TwoTwenty @twotwenty@qoto.org

@freemo A new critical vulnerability found in mastadon that got a 9.9 CVE which apparently is not yet found in the wild but when fully disclosed will be root access from your toot'n server.

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Jul 10, 2023, 04:37

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Jul 10, 2023, 04:37

Jul 10, 2023, 04:37

🎓 Doc Freemo 🇳🇱 @freemo@qoto.org

@twotwenty Oh thanks, I will keep a close eye on it.

**TwoTwenty** @twotwenty@qoto.org · Jul 10, 2023, 04:38

**TwoTwenty** @twotwenty@qoto.org · Jul 10, 2023, 04:38

Jul 10, 2023, 04:38

TwoTwenty @twotwenty@qoto.org

@freemo apparently you will want to get to 4.1.2 ASAP... usually vulns like this come with a few patches over the following xyz short period of time.

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · 2023-07-10T04:40:02Z

🎓 Doc Freemo 🇳🇱 @freemo@qoto.org

@twotwenty well our version doesnt track masto anymore, but I will be pulling a lot in in the near future as im working on the next version.

Jul 10, 2023, 04:40 · · · ·

**Pat** @Pat@qoto.org · Jul 10, 2023, 05:21

**Pat** @Pat@qoto.org · Jul 10, 2023, 05:21

Jul 10, 2023, 05:21

Pat @Pat@qoto.org

@freemo @twotwenty

It apparently was introduced in v3.5.0 and fixed (patched) from v3.5.9 up.

https://nvd.nist.gov/vuln/detail/CVE-2023-36460

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…