CVE-2023-36461

Summary

CVE-2023-36461 is a vulnerability affecting the free, open-source social network server Mastodon, based on ActivityPub. Prior to versions 3.5.9, 4.0.5, and 4.1.3, Mastodon's outgoing HTTP queries have a timeout on individual read operations. Malicious servers can exploit this by extending the duration of responses indefinitely through slowloris-type attacks. This can cause all Mastodon workers to become unresponsive, making the server unreachable for an extended period. Versions 3.5.9, 4.0.5, and 4.1.3 have been released with patches to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.