wakest likes your bugs ⁂

Check in with your admins and server operators and make sure your instance is upgraded!

"Using carefully crafted media files, attackers can cause Mastodon's media processing code to create arbitrary files at any location"

https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm
#CVE202336460

Arbitrary file creation through media attachments

(This advisory describes an issue found by Cure53 as part of an audit performed at Mozilla's request) Using carefully crafted media files, attackers can cause Mastodon's media processing code to...

GitHub
Jul 7, 2023 at 6:32amWeb