### Summary
Due to a gap in validation of federated content in the affected Mastodon versions, attackers can craft payloads that impersonate remote federated accounts as-seen-from the affected s...
The lack of details in the advisory is only a minor impediment for a malicious person who wants to figure out how to implement their own exploit for this vulnerability. Anyone can read the patch that fixes it and figure it out.
TLDR: if you run your own instance, update it ASAP. If an instance you rely on hasn’t updated yet, consider asking its admins to do so. And if they don’t update it soon, you might want to reconsider your choice of instance.
And if they don’t update it soon, you might want to reconsider your choice of instance.
The advisory went up about 4h ago. About 3h ago, my instance admin sent out an announcement that the patch had been applied. That was before I even heard about the issue.
The lack of details in the advisory is only a minor impediment for a malicious person who wants to figure out how to implement their own exploit for this vulnerability. Anyone can read the patch that fixes it and figure it out.
TLDR: if you run your own instance, update it ASAP. If an instance you rely on hasn’t updated yet, consider asking its admins to do so. And if they don’t update it soon, you might want to reconsider your choice of instance.
The advisory went up about 4h ago. About 3h ago, my instance admin sent out an announcement that the patch had been applied. That was before I even heard about the issue.
Nice work :)
deleted by creator
not the person you’re replying to but yes, anyone on an unpatched server is vulnerable