482

PSA: Lemmy.world has been compromised! (Edit: Multiple Instances are down)

posted
*
by
Avatar
G59@lemmy.ml
in
Avatar
fediverse@lemmy.ml
242 comments
hidereport

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?

edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
Max-P@lemmy.max-p.me
19 points

Pretty much, and it’s not even XSS (it’s not cross-site), it’s just plain basic HTML injection breaking out of Markdown. At least as far as I was able to find.

permalink
report
parent
reply
Avatar
redcalcium@c.calciumlabs.com
4 points

XSS is a blanket term for vulnerabilities that allows attackers to inject client-side scripts. Looks like someone is already identified and submitted a pull request that contain a fix: https://github.com/LemmyNet/lemmy-ui/pull/1897/files

permalink
report
parent
reply
Avatar
barsoap@lemm.ee
1 point

Aaaargh yeah using typescript doesn’t do jack when your API is stringly-typed. This erm wouldn’t have happened on the backend.

permalink
report
parent
reply

Fediverse

!fediverse@lemmy.ml

Create post

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of “federation” and “universe”.

Getting started on Fediverse;

Community stats

  • 359

    Monthly active users

  • 806

    Posts

  • 12K

    Comments

Community moderators