Oneesan succubus on Nostr: Alright, we found a second exploit that is much worse than the first one I found, it ...
Alright, we found a second exploit that is much worse than the first one I found; it involves a bug in our oEmbed parser. A new release is being prepared right now. Unless there's a third exploit, this can be mitigated by disabling rich media in the Pleroma settings. Frontends other than pleroma-fe might also not be vulnerable.
What alex is recommending here will also fix the issue, so you can do that as well:
https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO

Published at 2023-05-26 18:29:58

Event JSON
{
"id": "aca2cdef032b8c8048d73650c27337f914e1733d8ebb385105229f3146024330",
"pubkey": "55fae3fc0bd229e19c562b31e74558c8b9c5368bc0030e8c1c9ad09fd26f70e4",
"created_at": 1685125798,
"kind": 1,
"tags": [
[
"mostr",
"https://pleroma.soykaf.com/objects/21ce9b3e-f019-435a-af6b-70369161cff1"
]
],
"content": "Alright, we found a second exploit that is much worse than the first one I found, it involves a bug in our oembed parser. A new release is being prepared right now. Unless there's a third exploit, this can be mitigated by disabling rich media in the pleroma settings. Frontends other than pleroma-fe might also be not vulnerable.\n\nWhat alex is recommending here will also fix the issue, so you can do that as well:\n\nhttps://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO",
"sig": "fd0ec1b7a2a9f70c62d361bd90f74f7641e3d7cfd120d6df047ea3f964b2ad07f6c4d65bd114197657bfec68d7b6cc65074b6e97193fb2339558335600741968"
}
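An added check, not part of the post or of the event viewer that rendered it: the `id` of a Nostr event is defined (NIP-01) as the SHA-256 of the canonical JSON array `[0, pubkey, created_at, kind, tags, content]`, serialized with no whitespace and with non-ASCII left unescaped. Recomputing it over the JSON shown above tells you whether the displayed fields are byte-for-byte what the author signed over; any edit to the content (a changed URL, a "corrected" typo) gives a different id. The event below is copied from the page; the function names are this example's own. The `sig` is not verified here, since Schnorr over secp256k1 is not in the Python standard library.

```python
import hashlib
import json

# Event copied from the page above (fields verbatim; pretty-printing removed).
EVENT = {
    "id": "aca2cdef032b8c8048d73650c27337f914e1733d8ebb385105229f3146024330",
    "pubkey": "55fae3fc0bd229e19c562b31e74558c8b9c5368bc0030e8c1c9ad09fd26f70e4",
    "created_at": 1685125798,
    "kind": 1,
    "tags": [
        ["mostr", "https://pleroma.soykaf.com/objects/21ce9b3e-f019-435a-af6b-70369161cff1"]
    ],
    "content": (
        "Alright, we found a second exploit that is much worse than the first one "
        "I found, it involves a bug in our oembed parser. A new release is being "
        "prepared right now. Unless there's a third exploit, this can be mitigated "
        "by disabling rich media in the pleroma settings. Frontends other than "
        "pleroma-fe might also be not vulnerable.\n\n"
        "What alex is recommending here will also fix the issue, so you can do "
        "that as well:\n\n"
        "https://gleasonator.com/notice/AW3PsTi4WCWEUbN0uO"
    ),
    "sig": "fd0ec1b7a2a9f70c62d361bd90f74f7641e3d7cfd120d6df047ea3f964b2ad07"
           "f6c4d65bd114197657bfec68d7b6cc65074b6e97193fb2339558335600741968",
}


def serialize_for_id(event: dict) -> str:
    """NIP-01 canonical form: JSON array, no whitespace, UTF-8, non-ASCII kept as-is.

    json.dumps escapes only quotes, backslashes and control characters
    (newline -> \\n), which is exactly what the spec requires.
    """
    payload = [
        0,
        event["pubkey"],
        event["created_at"],
        event["kind"],
        event["tags"],
        event["content"],
    ]
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False)


def compute_id(event: dict) -> str:
    """Lower-case hex SHA-256 of the canonical serialization."""
    return hashlib.sha256(serialize_for_id(event).encode("utf-8")).hexdigest()


def id_matches(event: dict) -> bool:
    """True if the event's stated id is the hash of its displayed fields."""
    return compute_id(event) == event["id"]


def with_content(event: dict, new_content: str) -> dict:
    """Copy of the event with a different content string (to show tamper detection)."""
    altered = dict(event)
    altered["content"] = new_content
    return altered


if __name__ == "__main__":
    print("stated id :", EVENT["id"])
    print("computed  :", compute_id(EVENT))
    print("matches   :", id_matches(EVENT))
    # Even a one-character change to the content breaks the id.
    edited = with_content(EVENT, EVENT["content"].replace("oembed", "oEmbed"))
    print("after edit:", id_matches(edited))
```

Note that the id only binds the fields to the stated id; it does not prove who published the event. For that you still need to verify `sig` against `pubkey` with a secp256k1 Schnorr implementation (the x-only public key and BIP-340 signature scheme that Nostr uses).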