
@freemo CVE-2023-36460 AKA TootRoot

9.9 CVE score

@freemo A new critical vulnerability found in Mastodon that got a 9.9 CVE which apparently is not yet found in the wild but when fully disclosed will be root access from your toot'n server.

@freemo apparently you will want to get to 4.1.2 ASAP... usually vulns like this come with a few patches over the following xyz short period of time.

@twotwenty Well, our version doesn't track masto anymore, but I will be pulling a lot in in the near future as I'm working on the next version.

@freemo @twotwenty

It apparently was introduced in v3.5.0 and fixed (patched) from v3.5.9 up.

nvd.nist.gov/vuln/detail/CVE-2
