64
submitted 1 year ago* (last edited 1 year ago) by edu4rdshl@lemmy.world to c/technology@lemmy.world

CVE-2023-36460 is a Mastodon vulnerability where you can send a toot which makes a webshell on instances that process said toot.

Edit: it's already fixed, that's why it was disclosed on GitHub.

The security advisory: https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm

top 3 comments
sorted by: hot top controversial new old
[-] alphapuggle@programming.dev 6 points 1 year ago

Not sure if this is related, but I think they pushed an update for it https://mastodon.social/@Mastodon/110667890329356603

[-] edu4rdshl@lemmy.world 5 points 1 year ago

Yes, it's already fixed, that's why it was disclosed on Github. I will edit the post to reflect that.

[-] Lemmesee@lemm.ee 1 points 1 year ago
this post was submitted on 06 Jul 2023
64 points (97.1% liked)

Technology

59598 readers
1925 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS