@[email protected] Anything we should worry about in regard to the Lemmy exploit reported a couple of hours ago?
this post was submitted on 24 Jun 2023
Announcements
I am following the Git issue closely and will update the site as soon as a fix is released.
There was first an exploit where you could launch JavaScript in the link of a post, which was resolved in the 0.18.1 release. Links only allow http(s) right now.
Then, an admin account was hacked at lemmy.world and went rogue. I suspect several other instances had this problem.
A second exploit was reported hours ago using custom emoji, and seems to be unpatched. I removed our custom emoji per their mitigation instructions and will terminate everyone’s sessions when I’m back at my computer for good measure. As soon as an update comes out for this it will be applied.
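The http(s)-only link restriction mentioned in the reply above, sketched as an added example; it is not Lemmy's code and not part of the original comment. The names `ALLOWED_SCHEMES`, `normalizePostLink` and `auditLinks` are hypothetical, and the sample links are constructed.

```javascript
// Added example: scheme allowlist for user-submitted post links.
// Hypothetical names; this is not taken from the Lemmy code base.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the normalised URL string if the link may be stored, else null.
function normalizePostLink(input) {
  if (typeof input !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser trims surrounding whitespace, drops embedded
    // tabs/newlines and lowercases the scheme, matching what a browser
    // does before following the link. Checking the raw string with a
    // prefix test would miss "JaVaScRiPt:" or "java\tscript:".
    url = new URL(input);
  } catch {
    return null; // relative or unparsable input is rejected, not guessed at
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  // Store the parsed form so the value rendered later is the value checked.
  return url.href;
}

// Splits a batch of links (e.g. existing rows during a cleanup) into
// accepted normalised links and rejected originals.
function auditLinks(links) {
  const accepted = [];
  const rejected = [];
  for (const link of links) {
    const ok = normalizePostLink(link);
    if (ok === null) rejected.push(link);
    else accepted.push(ok);
  }
  return { accepted, rejected };
}

// Constructed sample inputs.
const SAMPLE_LINKS = [
  "https://example.com/a?b=1",
  "HTTP://Example.com",
  "JaVaScRiPt:alert(1)",
  "  javascript:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,hi",
  "/post/1",
];
console.log(auditLinks(SAMPLE_LINKS));
```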