this post was submitted on 01 Feb 2024
185 points (99.5% liked)

Fediverse

17795 readers
65 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 29 points 10 months ago (10 children)

This advisory will be edited with more details on 2024/02/15, when admins have been given some time to update, as we think any amount of detail would make it very easy to come up with an exploit.

But the commit to fix insufficient origin validation is already visible right there in the repo?

[–] pelespirit 4 points 10 months ago (3 children)

Could you explain what you're saying in common language?

[–] [email protected] 22 points 10 months ago* (last edited 10 months ago) (2 children)

The lack of details in the advisory is only a minor impediment for a malicious person who wants to figure out how to implement their own exploit for this vulnerability. Anyone can read the patch that fixes it and figure it out.

TLDR: if you run your own instance, update it ASAP. If an instance you rely on hasn't updated yet, consider asking its admins to do so. And if they don't update it soon, you might want to reconsider your choice of instance.

load more comments (1 replies)
load more comments (1 replies)
load more comments (7 replies)