Four vulnerabilities in the microblogging platform Mastodon were patched late last week, sparking new questions about the decentralized platform’s security, with overtones of the open source debates of yesteryear. Security advisories published to GitHub by Mastodon founder Eugen Rochko included cross-site scripting (XSS), arbitrary file creation, and denial-of-service (DoS) vulnerabilities, as well as a weakness enabling attackers to arbitrarily hide parts of URLs.

Source: Dark Reading: Cloud