submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]

We have little information currently, but we may at least lock the site down for preemptive safety reasons. There seems to be a serious XSS vulnerability within Lemmy's code. We have disabled community creation temporarily and are contemplating taking the site down temporarily as well. Please find us below and stay safe, y'all.

https://mastodon.world/@lemmynsfw https://matrix.to/#/#lemmynsfw:matrix.org

EDIT: For the time being we have disabled federation, new user sign ups, and community creation.

top 6 comments
[-] [email protected] 6 points 2 years ago

Thanks for the heads up! Sounds serious. Keeping fingers crossed that it will get fixed quickly.

[-] [email protected] 4 points 2 years ago

Good luck. The real problem is that bugs like this in your code that lead to easy XSS script loads like this tend to point to a bigger problem.

[-] [email protected] 4 points 2 years ago

I agree. There needs to be an audit of Lemmy's entire source.

[-] [email protected] 0 points 2 years ago

This is on top of the privacy concerns and huge potential for vote manipulation.

[-] [email protected] 1 points 2 years ago

What are these concerns and are they unique to Lemmy vs other fediverse type software like Mastodon?

[-] [email protected] 1 points 2 years ago

The issue seems resolved according to lemm.ee

this post was submitted on 10 Jul 2023
52 points (98.1% liked)

Lemmy NSFW


Updates about lemmynsfw.com
