Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

Administered by:

Server stats:

9.5K
active users

hachyderm.io: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.5

Public *
Fedify: an ActivityPub server framework

CVE-2024-39687, a vulnerability that could potentially allow a Server Side Request Forgery (SSRF) attack, was discovered in Fedify and a security patch has been applied to fix it. The patched versions are 0.9.2, 0.10.1, and 0.11.1, respectively. If you are using an earlier version, please update as soon as possible.

Thanks to @thisismissem for reporting the vulnerability!

GitHubPotential for access to internal network resources### Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the `@id` or other resources present within the activity...
Emelia 👸🏻

@fedify users of Fedify still need to keep potential for SSRF in mind when requesting any URLs in Activities/Objects not through these APIs, e.g., when downloading media from a remote server for caching

Jul 05, 2024, 10:13 AM·Public·Ivory for iOS
0boosts·1favorite
ExploreLive feeds
About