
Mastodon, the free and open-source software for running self-hosted social networking services, recently patched four vulnerabilities. One of them is the TootRoot vulnerability, which has a critical severity rating and is tracked as CVE-2023-36460. Attackers can exploit it by using media files on toots to perform attacks like denial of service and arbitrary remote code execution. Mastodon has around 8.8 million users across 13,000 server instances. It is a Twitter alternative, and the decentralised social networking platform is managed by volunteers across many federated communities. The critical vulnerability, along with the other three that were recently patched, was discovered in an independent audit of Mastodon’s code at Mozilla’s request.

https://github.com/mastodon/mastodon/security/advisories

https://cyberplace.social/@GossiTheDog/110667416012211236

https://www.bleepingcomputer.com/news/security/critical-tootroot-bug-lets-attackers-hijack-mastodon-servers/


This segment was created for the It’s 5:05 podcast

https://505updates.com/july-10-2023/