076萌SNS
  • Login

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. tesaguri 🦀🦝 (tesaguri@fedibird.com)'s status on Sunday, 18-Feb-2024 23:13:54 JST tesaguri 🦀🦝 tesaguri 🦀🦝

    Lack of media type verification of Activity Streams objects allows impersonation of remote accounts · Advisory · mastodon/mastodon · GitHub
    https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36
    これを報告するなどしていた

    In conversation about 9 months ago from fedibird.com permalink

    Attachments

    1. Lack of media type verification of Activity Streams objects allows impersonation of remote accounts
      ### Summary When fetching remote statuses, Mastodon doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a th...

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.