User avatar
luna sugar🍬🍭🏳️‍⚧️🏳️‍🌈 [migrated to @sugar@snug.moe] @sugar@i.use.akkoma.btw.sylveon.social
3mo
looked at the misskey vulnerabilities in question

,,, oh wow, they're bad sylveon_shocked

essentially vulnerabilities allow spoofing posts (with a really simple exploit) and reading contents of any arbitrary post that the instance knows about (even external ones)

(there are also some other vulnerabilities, like imports working with files belonging to other people, as long you know the id of the file, but fae sees those as pretty minor unless fae is missing something)
3
2
4
0
User avatar
luna sugar🍬🍭🏳️‍⚧️🏳️‍🌈 [migrated to @sugar@snug.moe] @sugar@i.use.akkoma.btw.sylveon.social
3mo
yeah, so about the vulnerability that allows imports to work with files owned by other people

it was considered minor by the misskey developers too: github.com/misskey-dev/misskey/security/advisories/GHSA-g6hj-33h7-6fq8

good to know faer intuition here is correct sylveon_uwu
1
0
3
0
User avatar
illy [Shrimple-mode] protomoji_orange_flag_lesbian @illyBytes@shrimp.imsofucking.gay
3mo
@sugar yeah cus it prerequires info that's hard to guess mrroww
:sylveon_heart@i.use.akkoma.btw.sylveon.social:1
0
0
1
1