Ako Suminoe :njp: (realakosuminoe@poa.st)'s status on Sunday, 28-May-2023 08:59:49 JST
@rightwingsjw @MK2boogaloo @Groomschild @MechaSilvio There are two kinds of software packages in the fedi ecosystem:
- Backends, like pleroma, rebased, akkoma, etc.
- Frontends, like soapbox, pleroma-fe, bloat-fe
There were issues with all of the backends that, if not present, would have mitigated this attack (such as CSP and issues with MediaProxy). There was also an issue with pleroma-fe that was exploited.
Honestly, given how little security auditing actually happens in this ecosystem, there's probably a ton of other issues just waiting to be used. Makes me wish we used Mastodon tbqh.