Notes: The vulnerability appears to be with Lemmy software, and other instances are possibly vulnerable until the Lemmy devs resolve it, however Lemmy.World has implemented their own fix in the meantime. It has not yet been ruled out if non-admin users have had their tokens compromised, but all accounts should be forced to manually log in again, as a preventative measure.

  • atocci@kbin.social
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    They managed to do this through the custom emoji renderer? Exploits are always so fascinating.