If your instance is not up to date (see footer), you can pass this along to your admins to check
You must log in or register to comment.
I wonder if the companies that forked mastodon (like truth social) will bother to update. I can see someone posting stuff as a former president with this flaw.
Eh, stuff like truth social doesn’t federate with anything anyway, so unfortunately this isn’t a vulnerability for them.
Has it been confirmed this is a federation bug?
deleted by creator
Is this mastodon specific or is it an activitypub flaw?
deleted by creator
we think any amount of detail would make it very easy to come up with an exploit
People who would create exploits for this definitely can’t read the diffs and see what changed.
deleted by creator
