Alexia makko_bnuuy @alexia@starlightnet.work
3mo
seeing people that haven't updated in so long that they can no longer migrate the database automatically and are as such stuck on probably The Worst Version Ever of sharkey (in terms of security) is frightening

like. holy shit. why has your instance been running like this
neocat_0_0
Alexia makko_bnuuy @alexia@starlightnet.work
3mo
not only are you about to have a gigantanormous vulnerability dropped on your head, you probably also have the last 3 gigantanormous vulns running
3mo
@alexia wait,,, they have the ap/get vulnerability???????

oh no
sylveon_shocked
3mo
@alexia oh, wait, fae looked at the ap/get vulnerability, and using that api requires having an account even in older versions (at which point you may as well use the arbitrary code execution vulnerability fae found if you want to exploit the instance, which also requires having an account)

still the situation is really bad, but, at least it's not as bad as fae assumed (ap/get vulnerability is really nasty),,, like, currently the only major issues are people being able to spoof notes to that instance, and,,, a pretty bad vulnerability fae found in the past (that sharkey developers quietly patched without making an announcement about it, not referring to the ace vulnerability here)

,,, and there is whatever vulnerability there will be a patch for soon
Alexia makko_bnuuy @alexia@starlightnet.work
3mo
@sugar

fwiw the upcoming vuln is
BAD.
illy [Shrimple-mode] protomoji_orange_flag_lesbian @illyBytes@shrimp.imsofucking.gay
3mo
@alexia @sugar oh god 0_0
doesn't it only affect sharkey or does it spill over to other misskey/misskey-likes?
Alexia makko_bnuuy @alexia@starlightnet.work
3mo
@illyBytes @sugar

The vulnerability is upstream in Misskey from what I understand

(but not iceshrimp.net.)
illy [Shrimple-mode] protomoji_orange_flag_lesbian @illyBytes@shrimp.imsofucking.gay
3mo
@alexia @sugar oh alright 😮‍💨 thankfully wbwvwbbw
Alexia makko_bnuuy @alexia@starlightnet.work
3mo
@illyBytes @sugar always remember that Iceshrimp.NET's codebase is entirely separate
illy [Shrimple-mode] protomoji_orange_flag_lesbian @illyBytes@shrimp.imsofucking.gay
3mo
@alexia @sugar yeah but i remember being affected by like a misskey bug once iirc?