CVE-2022-46405

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-46405

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46405.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-46405

Aliases

BIT-mastodon-2022-46405

Published

2022-12-04T04:15:09.380Z

Modified

2026-04-12T04:18:29.697214Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.

References

Affected packages

Git / github.com/mastodon/mastodon

Affected ranges

Type

GIT

Repo

https://github.com/mastodon/mastodon

Events

Introduced

Last affected

03b0f3ac83edfc46d304bfca1539ca6000e36fc3

Database specific

{
    "cpe": "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.2"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.6

v0.7

v0.8

v0.9

v0.9.9

v1.*

v1.0

v1.1

v1.1.1

v1.1.2

v1.2

v1.2.1

v1.2.2

v1.3

v1.3.1

v1.3.2

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4rc1

v1.4rc2

v1.4rc3

v1.4rc4

v1.4rc5

v1.4rc6

v1.5.0

v1.5.0rc1

v1.5.0rc2

v1.5.0rc3

v1.5.1

v1.6.0

v1.6.0rc1

v1.6.0rc2

v1.6.0rc3

v1.6.0rc4

v1.6.0rc5

v1.6.1

v2.*

v2.0.0

v2.0.0rc1

v2.0.0rc2

v2.0.0rc3

v2.0.0rc4

v2.1.0

v2.1.0rc1

v2.1.0rc2

v2.1.0rc3

v2.1.0rc4

v2.1.0rc5

v2.1.0rc6

v2.1.1

v2.1.2

v2.1.3

v2.2.0

v2.2.0rc1

v2.2.0rc2

v2.3.0

v2.3.0rc1

v2.3.0rc2

v2.3.0rc3

v2.3.1

v2.3.1rc1

v2.3.1rc2

v2.3.1rc3

v2.3.2

v2.3.2rc1

v2.3.2rc2

v2.3.2rc3

v2.3.2rc4

v2.3.2rc5

v2.4.0

v2.4.0rc1

v2.4.0rc2

v2.4.0rc3

v2.4.0rc4

v2.4.0rc5

v2.4.1

v2.4.1rc1

v2.4.1rc2

v2.4.1rc3

v2.4.1rc4

v2.4.2

v2.4.2rc1

v2.4.2rc2

v2.4.2rc3

v2.4.3

v2.4.3rc1

v2.4.3rc2

v2.4.3rc3

v2.5.0

v2.5.0rc1

v2.5.0rc2

v2.6.0

v2.6.0rc1

v2.6.0rc2

v2.6.0rc3

v2.6.0rc4

v2.6.1

v2.7.0

v2.7.0rc1

v2.7.0rc2

v2.7.0rc3

v2.7.1

v2.8.0

v2.8.0rc1

v2.8.0rc2

v2.8.0rc3

v2.8.1

v2.8.2

v2.9.0

v2.9.0rc1

v2.9.0rc2

v2.9.1

v2.9.2

v3.*

v3.0.0

v3.0.0rc1

v3.0.0rc2

v3.0.0rc3

v3.0.1

v3.1.0

v3.1.0rc1

v3.1.0rc2

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.2.0

v3.2.0rc1

v3.2.0rc2

v3.3.0

v3.3.0rc1

v3.3.0rc2

v3.3.0rc3

v3.4.0

v3.4.0rc1

v3.4.0rc2

v3.4.1

v3.5.0

v3.5.0rc1

v3.5.0rc2

v3.5.0rc3

v3.5.1

v3.5.2

v3.5.3

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v4.0.0rc3

v4.0.0rc4

v4.0.1

v4.0.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46405.json"