Vulnerabilities tagged "desync"

Usurping Mastodon instances - [CVE-2023-42451]

Normalization gone wrong. When normalizing a domain, Mastodon intended to remove any trailing `/` from it. However, it did this with `.delete("/")`, which removes every `/` character from the string instead of just a trailing one. This meant that someone could use an account like `` to spoof the account ``.
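The difference between the two string operations, as an added Ruby example that is not Mastodon's code or its actual patch: the function names are hypothetical, the `.example` domains are constructed, and rejecting an embedded `/` in the strict variant is an assumption about what a safe normalizer should do.

```ruby
# Added illustration; function names are hypothetical, not Mastodon's code.

# Flawed form described above: String#delete removes EVERY "/" in the
# string, so distinct inputs collapse onto the same normalized value.
def normalize_domain_flawed(domain)
  domain.delete("/")
end

# Strict form (assumption, not the project's fix): drop exactly one
# trailing "/", then refuse anything that still contains a slash instead
# of silently rewriting it into a different domain.
def normalize_domain_strict(domain)
  candidate = domain.delete_suffix("/")
  return nil if candidate.empty? || candidate.include?("/")
  candidate
end

# True when two raw inputs are treated as the same domain by the given
# normalizer. A rejected (nil) input never matches anything.
def same_domain?(a, b, normalizer)
  na = send(normalizer, a)
  nb = send(normalizer, b)
  !na.nil? && na == nb
end

# Constructed sample inputs using reserved .example names.
SAMPLES = ["social.example/", "soc/ial.example"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |raw|
    %i[normalize_domain_flawed normalize_domain_strict].each do |n|
      puts format("%-26s %-18s => %-18s same as social.example? %s",
                  n, raw.inspect, send(n, raw).inspect,
                  same_domain?(raw, "social.example", n))
    end
  end
end
```

A regression test for this class of bug should assert that an input with an interior `/` never compares equal to the slash-free domain, while a single trailing `/` still does.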