Vulnerability Information
Vulnerability Title
Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Vulnerability Description
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to re-arrange a valid signed JSON-LD activity from a third-party actor to have it processed differently. This vulnerability is fixed in 4.5.10, 4.4.17, and 4.3.23.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
Improper Verification of Cryptographic Signature
Vulnerability Title
Mastodon Cryptographic Issue Vulnerability
Vulnerability Description
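Mastodon is decentralized social network server software from the Mastodon organization. Mastodon versions prior to 4.5.10, prior to 4.4.17, and prior to 4.3.23 contain a cryptographic issue vulnerability. The vulnerability stems from insufficient normalization of incoming activities that carry Linked-Data Signatures, which may allow an attacker to re-arrange a valid signed JSON-LD activity from a third party so that it is processed differently.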
CVSS Information
N/A
Vulnerability Type
N/A