Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://misskey.bubbletea.dev/notes/9s5yzj5xjg">Evelyn fra denne andre øya (evelyn@misskey.bubbletea.dev)'s status on Tuesday, 16-Apr-2024 22:29:23 JST</a><a href="https://misskey.bubbletea.dev/@evelyn" title="evelyn@misskey.bubbletea.dev"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Evelyn fra denne andre øya" style="position: absolute; left: 0; top: 0;">Evelyn fra denne andre øya</a><div><ul><li></ul></div></section><article><p><a href="https://ihatebeinga.live/users/FloatingGhost">@FloatingGhost@ihatebeinga.live</a> modifying the source code could theoretically get you in, but yeah, without a way to recompile and reload that specific module immediately, which I feel reasonably confident in saying an attacker lacks without immediate RCE, this doesn't equal instant RCE. Same goes for modifying the BEAM file, it won't be spontaneously loaded and ran.<br><br>If this vulnerability were real, this would make the lack of disclosure even more ridiculous, since it'd be a ticking time bomb, and not a fait accompli that every instance is already compromised.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2947972#notice-5861815">In conversation</a><time datetime="2024-04-16T22:29:23+09:00" title="Tuesday, 16-Apr-2024 22:29:23 JST">about 8 months ago</time> <span>from <span><a href="https://misskey.bubbletea.dev/notes/9s5yzj5xjg" rel="external" title="Sent from misskey.bubbletea.dev via ActivityPub">misskey.bubbletea.dev</a></span></span><a href="https://misskey.bubbletea.dev/notes/9s5yzj5xjg">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Evelyn fra denne andre øya (evelyn@misskey.bubbletea.dev)'s status on Tuesday, 16-Apr-2024 22:29:23 JSTEvelyn fra denne andre øya
- :sprout: evil mental tofu haver
@FloatingGhost@ihatebeinga.live modifying the source code could theoretically get you in, but yeah, without a way to recompile and reload that specific module immediately, which I feel reasonably confident in saying an attacker lacks without immediate RCE, this doesn't equal instant RCE. Same goes for modifying the BEAM file, it won't be spontaneously loaded and ran.

If this vulnerability were real, this would make the lack of disclosure even more ridiculous, since it'd be a ticking time bomb, and not a fait accompli that every instance is already compromised.
In conversationabout 8 months ago from misskey.bubbletea.devpermalink

Public

Embed Notice

HTML Code

Corresponding Notice