Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover(github.com)

posted 8 months ago

Arthur Besse@lemmy.ml

fediverse@lemmy.ml

4 commentshide report

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

Arthur Besse@lemmy.mlOP

0 points

8 months ago

The lack of details in the advisory is only a minor impediment for a malicious person who wants to figure out how to implement their own exploit for this vulnerability. Anyone can read the patch that fixes it and figure it out.

TLDR: if you run your own instance, update it ASAP. If an instance you rely on hasn’t updated yet, consider asking its admins to do so. And if they don’t update it soon, you might want to reconsider your choice of instance.

permalink

report

parent

[ - ]

elvith@feddit.de

0 points

8 months ago

And if they don’t update it soon, you might want to reconsider your choice of instance.

The advisory went up about 4h ago. About 3h ago, my instance admin sent out an announcement that the patch had been applied. That was before I even heard about the issue.

Nice work :)

permalink

report

parent

Fediverse

!fediverse@lemmy.ml

Create post

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of “federation” and “universe”.

Getting started on Fediverse;

What is the fediverse?
- Short ver.
- Full ver.
Fediverse Platforms
How to run your own community

Community stats

634
Monthly active users
275
Posts
1.3K
Comments

Community stats

Community moderators