Skip Navigation

Arbitrary file creation through media attachments on Mastodon

CVE-2023-36460 is a Mastodon vulnerability where you can send a toot which makes a webshell on instances that process said toot.

Edit: it's already fixed, that's why it was disclosed on GitHub.

3