Event JSON
{
"id": "60b4020d25ba4ae0a212eb8507420a2f53eba05b8ce64eb0413c8c3a572b1e32",
"pubkey": "dfb71495e1a9349496b225e90718c56e55b8f67d9a13e2eda554cbaed37569a8",
"created_at": 1720425432,
"kind": 1,
"tags": [
[
"p",
"dfb71495e1a9349496b225e90718c56e55b8f67d9a13e2eda554cbaed37569a8"
],
[
"proxy",
"https://social.wildeboer.net/@jwildeboer/112749801141694453",
"web"
],
[
"e",
"42973b4b6b05287f991d1831e1bda426734a1b5100895c2cc17391a7cb8619ab",
"",
"root"
],
[
"proxy",
"https://social.wildeboer.net/users/jwildeboer/statuses/112749801141694453",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://social.wildeboer.net/users/jwildeboer/statuses/112749801141694453",
"pink.momostr"
],
[
"expiration",
"1723017464"
]
],
"content": "From the referenced commit [1] I deduct that there was a way to construct a list of statuses that would be sent back to the requester without proper checking of scope, meaning that you could get messages that were limited to certain users without being one of those certain users. Oops.\n\n[1] https://github.com/mastodon/mastodon/commit/d4bf22b632ea8b1174375c4966a6768ab66393b6",
"sig": "301a2190e876eba3bc52b9b7c9928728b5dc2f907d51088476fefdea1516af0bcb5eb05118386ad6a6616c89e604c8c685dd7913374d3f4914245e59d48dda18"
}