076萌SNS
  • Login

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Ryan Baumann (ryanfb@digipres.club)'s status on Wednesday, 27-Mar-2024 16:42:04 JST Ryan Baumann Ryan Baumann

    I don't know who needs to hear this but #TruthSocial, which is running a forked version of Mastodon, does not from the source code appear to have appropriate mitigations in place for CVE-2023-36460, which theoretically allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution https://nvd.nist.gov/vuln/detail/CVE-2023-36460 (probably other CVE's as well, but some rely on federation which Truth Social doesn't use?) #infosec

    In conversation about 8 months ago from digipres.club permalink

    Attachments


    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.