{"id":"CVE-2018-21018","details":"Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.","modified":"2026-03-14T09:30:41.171134Z","published":"2019-09-22T15:15:13.657Z","references":[{"type":"ADVISORY","url":"https://github.com/tootsuite/mastodon/releases/tag/v2.6.2"},{"type":"ADVISORY","url":"https://github.com/tootsuite/mastodon/releases/tag/v2.6.3"},{"type":"FIX","url":"https://github.com/tootsuite/mastodon/pull/9329"},{"type":"FIX","url":"https://github.com/tootsuite/mastodon/pull/9381"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mastodon/mastodon","events":[{"introduced":"0"},{"fixed":"404dc97fb013b7f835df65dfc22d07f68e482e23"},{"fixed":"a1216e631537b1fbf07f2c8724ac05e757800be6"}]},{"type":"GIT","repo":"https://github.com/tootsuite/mastodon","events":[{"introduced":"0"},{"fixed":"a1216e631537b1fbf07f2c8724ac05e757800be6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.3"}]}}],"versions":["v0.1.0","v0.1.1","v0.1.2","v0.6","v0.7","v0.8","v0.9","v0.9.9","v1.0","v1.1","v1.1.1","v1.1.2","v1.2","v1.2.1","v1.2.2","v1.3","v1.3.1","v1.3.2","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4rc1","v1.4rc2","v1.4rc3","v1.4rc4","v1.4rc5","v1.4rc6","v1.5.0","v1.5.0rc1","v1.5.0rc2","v1.5.0rc3","v1.5.1","v1.6.0","v1.6.0rc1","v1.6.0rc2","v1.6.0rc3","v1.6.0rc4","v1.6.0rc5","v1.6.1","v2.0.0","v2.0.0rc1","v2.0.0rc2","v2.0.0rc3","v2.0.0rc4","v2.1.0","v2.1.0rc1","v2.1.0rc2","v2.1.0rc3","v2.1.0rc4","v2.1.0rc5","v2.1.0rc6","v2.1.1","v2.1.2","v2.1.3","v2.2.0","v2.2.0rc1","v2.2.0rc2","v2.3.0","v2.3.0rc1","v2.3.0rc2","v2.3.0rc3","v2.3.1","v2.3.1rc1","v2.3.1rc2","v2.3.1rc3","v2.3.2","v2.3.2rc1","v2.3.2rc2","v2.3.2rc3","v2.3.2rc4","v2.3.2rc5","v2.4.0","v2.4.0rc1","v2.4.0rc2","v2.4.0rc3","v2.4.0rc4","v2.4.0rc5","v2.4.1","v2.4.1rc1","v2.4.1rc2","v2.4.1rc3","v2.4.1rc4","v2.4.2","v2.4.2rc1","v2.4.2rc2","v2.4.2rc3","v2.4.3","v2.4.3rc1","v2.4.3rc2","v2.4.3rc3","v2.5.0","v2.5.0rc1","v2.5.0rc2","v2.6.0","v2.6.0rc1","v2.6.0rc2","v2.6.0rc3","v2.6.0rc4","v2.6.1","v2.6.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-21018.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}