CVE-2024-34535

MEDIUM5.9EPSS 0.07%

Published: 5/7/2025Modified: 5/17/2025

Description

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N