BIT-mastodon-2026-33869

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mastodon/BIT-mastodon-2026-33869.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mastodon-2026-33869
Aliases
Published
2026-03-31T08:45:37.827Z
Modified
2026-04-02T13:41:01.657554890Z
Summary
Mastodon has a denial of service for quote authorization
Details

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker who knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / mastodon

Package

Name
mastodon
Purl
pkg:bitnami/mastodon

Severity

  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected ranges

Type
SEMVER
Events
Introduced
4.4.0
Fixed
4.4.15
Introduced
4.5.0
Fixed
4.5.8

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/mastodon/BIT-mastodon-2026-33869.json"