Path Traversal Vulnerability in Mastodon Media File Handler
- 07/07/2023 --- v1.0 -- Initial publication
A critical security vulnerability has been discovered in Mastodon versions up to 3.5.8/4.0.4/4.1.2. This vulnerability, identified as a path traversal issue, affects the Media File Handler component of Mastodon. Exploitation of this vulnerability could allow an attacker to create or overwrite any file that Mastodon has access to, potentially leading to Denial of Service (DoS) and arbitrary Remote Code Execution (RCE).
No additional technical details nor Proof of Concept is available at this time. This Security Advisory will be updated accordingly when the information is available.
Mastodon versions 3.5.0 and above up to 3.5.8/4.0.4/4.1.2 are affected by this vulnerability.
Users of affected versions are advised to upgrade to the patched versions immediately. The vulnerability has been fixed in the following versions: