Mastodon, a social media platform offering an alternative to Twitter, has released a security fix for five vulnerabilities, the majority of which were rated as high or critical severity. The flaws included a vulnerability that could have allowed attackers to create and overwrite any file accessible to Mastodon, potentially leading to Denial of Service (DoS) attacks and remote code execution. Another vulnerability involved the ability to disguise URLs, potentially redirecting users to phishing or malware sites. Other vulnerabilities addressed DoS attacks, cross-site scripting (XSS), and information leakage from the LDAP database.
