Mastodon⚠️ We have just released important security fixes for the #Mastodon server software. Versions 4.1.3, 4.0.5, 3.5.9, as well as a new nightly are available now to make upgrading quick and painless. Please upgrade as soon as possible!
ZoeDear readers of social.animeprincess.net: I will upgrade my website to fix this this weekend. You have until then to hax me. GLHF.
fuomag9@zoe I'd recommend upgrading ASAP instead, the issue is critical (arbitrary code execution via a toot) and the vulnerability is probably going to be reversed fast by attackers
@fuomag9 Hmm alright then. Sorry hackers. animeprincess.net secured. It'd be annoying writing a "we got compromised" email to all 1 of the users.
So after looking at the mastodon security report / code commit I think I might have some idea (admittedly vague / incomplete) of how it worked.
No spoilers though I guess. Wait what is the etiquette about speculating about recent security issues anyway?