They didn't even bother to change the word "toot" on #TruthSocial in the Dutch language

Yes, he did not "build" TruthSocial but took #Mastodon source code and added another front end

The current source code is from 2022, meaning that they don't comply with the Mastodon licence OR they run an old version that has critical security flaws

Talk about a major fail..

Ryan Baumann (@[email protected])

I don't know who needs to hear this but #TruthSocial, which is running a forked version of Mastodon, does not from the source code appear to have appropriate mitigations in place for CVE-2023-36460, which theoretically allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution https://nvd.nist.gov/vuln/detail/CVE-2023-36460 (probably other CVEs as well, but some rely on federation which Truth Social doesn't use?) #infosec

digipres.club