Ryan BaumannI don't know who needs to hear this but #TruthSocial, which is running a forked version of Mastodon, does not from the source code appear to have appropriate mitigations in place for CVE-2023-36460, which theoretically allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution https://nvd.nist.gov/vuln/detail/CVE-2023-36460 (probably other CVE's as well, but some rely on federation which Truth Social doesn't use?) #infosec
TC Won't Give In To Lies@ryanfb
It would be a real shame if Truth Social went down with technical issues just as it goes public.
But given the clown car of people involved, it wouldn't be a surprise. Weren't they having trouble just paying the server bills?