{"id":52678,"date":"2023-07-07T01:15:34","date_gmt":"2023-07-07T01:15:34","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34773\/Mastodon-Fixes-Critical-TootRoot-Vuln-Allowing-Node-Jacking.html"},"modified":"2023-07-07T01:15:34","modified_gmt":"2023-07-07T01:15:34","slug":"mastodon-fixes-critical-tootroot-vuln-allowing-node-jacking","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/mastodon-fixes-critical-tootroot-vuln-allowing-node-jacking\/","title":{"rendered":"Mastodon Fixes Critical TootRoot Vuln Allowing Node Jacking"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/07\/exploit-vulnerability-security-800x450.jpg\" alt=\"Mastodon fixes critical \u201cTootRoot\u201d vulnerability allowing node hijacking\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>The maintainers of the open source software that powers the Mastodon social network published a security update on Thursday that patches a critical vulnerability making it possible for hackers to backdoor the servers that push content to individual users.<\/p>\n<p>Mastodon is based on a federated model. 
The federation comprises thousands of separate servers known as &#8220;instances.&#8221; Individual users create an account with one of the instances, which in turn exchange content to and from users of other instances. To date, Mastodon has more than 12,000 instances and 14.5 million users, according to <a href=\"https:\/\/fedidb.org\/network\/instance\/mastodon.social\">fedidb.org\/<\/a>, a site that tracks statistics related to Mastodon.<\/p>\n<p>A critical bug tracked as CVE-2023-36460 was one of two vulnerabilities rated as critical that were <a href=\"https:\/\/github.com\/mastodon\/mastodon\/security\/advisories\">fixed on Thursday<\/a>. In all, Mastodon on Thursday patched five vulnerabilities.<\/p>\n<p>So far, Mastodon gGmbH, the nonprofit that maintains the software instances use to operate the social network, has released few details about CVE-2023-36460 other than to <a href=\"https:\/\/github.com\/mastodon\/mastodon\/security\/advisories\/GHSA-9928-3cp5-93fm\">describe it<\/a> as an \u201carbitrary file creation through media attachments\u201d flaw.<\/p>\n<p>\u201cUsing carefully crafted media files, attackers can cause Mastodon&#8217;s media processing code to create arbitrary files at any location,&#8221; Mastodon said. 
&#8220;This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution.\u201d<\/p>\n<p>In a <a href=\"https:\/\/cyberplace.social\/@GossiTheDog\/110667416012211236\">Mastodon post<\/a>, independent security researcher Kevin Beaumont went a step further, writing that exploiting the vulnerability allowed someone \u201cto send a toot which makes a webshell on instances that process said toot.\u201d He coined the name #TootRoot because user posts, known as toots, allowed hackers to potentially gain root access to instances.<\/p>\n<p>An attacker with control over thousands of instances could inflict all kinds of harm on individual users and possibly the larger Internet. For example, hijacked instances could send alerts to users instructing them to download and install malicious apps or bring the entire infrastructure to a halt. There are no indications that the bug has ever been exploited.<\/p>\n<p>Thursday\u2019s patch is the product of recent penetration testing work that the Mozilla Foundation funded, Renaud Chaput, cofounder and CTO of Notos, told Ars. He said a firm called <a href=\"https:\/\/cure53.de\/\">Cure53<\/a> performed the pentesting and that the code fixes were developed by the several-person team inside the Mastodon nonprofit. Mozilla has announced plans to create its own Mastodon instance. Chaput said that Mastodon sent pre-announcements to large servers in recent weeks, informing them of the fix so they would be ready to patch quickly.<\/p>\n<p>In all, Mastodon\u2019s Thursday patch batch fixed five vulnerabilities. One of the bugs, tracked as CVE-2023-36459, also carried a critical severity rating. 
Mastodon\u2019s <a href=\"https:\/\/github.com\/mastodon\/mastodon\/security\/advisories\/GHSA-ccm4-vgcc-73hp\">bare-bones writeup<\/a> described the flaw as an \u201cXSS through oEmbed preview cards.\u201d<\/p>\n<p>It continued: \u201cUsing carefully crafted oEmbed data, an attacker can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for Cross-site-scripting (XSS) payloads that can be rendered in the user&#8217;s browser when a preview card for a malicious link is clicked through.\u201d<\/p>\n<p>XSS exploits allow hackers to inject malicious code into websites, which in turn cause it to run in the browsers of people visiting the site. oEmbed is an open format for allowing an embedded representation of a URL on third-party sites. No other details about the vulnerability were immediately available.<\/p>\n<p>The three other vulnerabilities carried high and medium severity ratings. They included a \u201cBlind LDAP injection in login [that] allows the attacker to leak arbitrary attributes from LDAP database,\u201d \u201cDenial of Service through slow HTTP responses,\u201d and \u201cVerified profile links [that] can be formatted in a misleading way.\u201d<\/p>\n<p>The patches come as social media behemoth Meta rolled out a new service intended to pick up Twitter users who are leaving the platform. 
There\u2019s no action individual Mastodon users need to take other than to ensure that the instance they\u2019re subscribed to has installed the updates.<\/p>\n<p><em>Updated to fix description of Cure53.<\/em><\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34773\/Mastodon-Fixes-Critical-TootRoot-Vuln-Allowing-Node-Jacking.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":52679,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10589],"class_list":["post-52678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflawsocial"]}