(This advisory describes an issue found by Cure53 as part of an audit performed at Mozilla's request)
Using carefully crafted media files, attackers can cause Mastodon's media processing code to create arbitrary files at any location.
Impact
This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution.
ClearlyClaire Remediation developer
cure53 Finder
(This advisory describes an issue found by Cure53 as part of an audit performed at Mozilla's request)
Using carefully crafted media files, attackers can cause Mastodon's media processing code to create arbitrary files at any location.
Impact
This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution.