Be sure to update Pleroma; it fixes a pretty major potential exploit.
To give context:
I found a huuuuuge exploit in Pleroma which (in my opinion) had the capacity to surpass the recent one in terms of damage to the userbase.
The reason for this is simply that it did not require token hijacking and was able to be exploited by any user on any instance with around 30-40 lines of code.
It would have been super scary (scarier than spooky Kirino!!), but I sent it to the right people and an update has gone through that fixes it.
You can all thank and give me praise later ^^
Also big ups to @cassidyclown for helping me run some tests when I first discovered the exploit and @mint for actually digging through the dumpster fire of a backend and submitting a merge request.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.