Notes: The vulnerability appears to be with Lemmy software, and other instances are possibly vulnerable until the Lemmy devs resolve it; however, Lemmy.World has implemented their own fix in the meantime. It has not yet been ruled out if non-admin users have had their tokens compromised, but all accounts should be forced to manually log in again, as a preventative measure.
They managed to do this through the custom emoji renderer? Exploits are always so fascinating.
Fmhy is also down, wonder if it’s been hacked as well.