Boosts - I don't know who needs to hear this but #TruthSocial, which is running a forked...

ryanfb, 2 months ago

I don't know who needs to hear this but #TruthSocial, which is running a forked version of Mastodon, does not from the source code appear to have appropriate mitigations in place for CVE-2023-36460, which theoretically allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution https://nvd.nist.gov/vuln/detail/CVE-2023-36460 (probably other CVE's as well, but some rely on federation which Truth Social doesn't use?) #infosec

reply

expand (34)

collapse (34)

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ Decentralize, luciedigitalni, Firlefanz, noodlejetski +40 more

mlevison 2 months ago
cstross 2 months ago
Wraithe 2 months ago
Jonathanglick 2 months ago
LeviKornelsen 2 months ago
kohelet 2 months ago
GhostOnTheHalfShell 2 months ago
Decentralize 2 months ago
aeva 2 months ago
j_g_fitzgerald 2 months ago
luciedigitalni 2 months ago
kcarruthers 2 months ago
catileptic 2 months ago
gvwilson 2 months ago
etherdiver 2 months ago
mastodonmigration 2 months ago
rolle 2 months ago
symfonystation 2 months ago
sll 2 months ago
grrrr_shark 2 months ago
aral 2 months ago
root 2 months ago
mmu_man 2 months ago
Crazypedia 2 months ago
noodlejetski 2 months ago
PhieLaidMignon 2 months ago
josh 2 months ago
vantablack 2 months ago
msokolov 2 months ago
skykiss 2 months ago
developerjustin 2 months ago
cassidy 2 months ago
bodomenke 2 months ago
oblomov 2 months ago
eniko 2 months ago
osma 2 months ago
grb090423 2 months ago
nilsskirnir 2 months ago
schm43cky 2 months ago
AnnaAnthro 2 months ago
Freyja 2 months ago
onepict 2 months ago
Bam 2 months ago
Firlefanz 2 months ago