Arbitrary file creation through media attachments on Mastodon
Arbitrary file creation through media attachments on Mastodon
![](https://lemmy.world/pictrs/image/44c44a80-6fdc-491c-ba1b-01ab519e58cf.png?thumbnail=1024&format=webp)
CVE-2023-36460 is a Mastodon vulnerability where you can send a toot which makes a webshell on instances that process said toot.
Edit: it's already fixed, that's why it was disclosed on GitHub.
3
comments
Not sure if this is related, but I think they pushed an update for it https://mastodon.social/@Mastodon/110667890329356603
6 0 ReplyYes, it's already fixed, that's why it was disclosed on Github. I will edit the post to reflect that.
4 0 Reply
Woof
2 1 Reply