Lemmy NSFW

11864 readers

232 users here now

Updates about lemmynsfw.com

founded 1 year ago

MODERATORS

yay@lemmynsfw.com

MikeyMongol@lemmynsfw.com

gavi@lemmynsfw.com

Limeey@lemmynsfw.com

bobbiguy2122@lemmynsfw.com

metaconnoisseur@lemmynsfw.com

A serious vulnerability just discovered in lemmy is causing instances to be compromised. Please join our matrix room or follow us on mastodon for updates if we take the site down temporarily. (lemmynsfw.com)

submitted 1 year ago* (last edited 1 year ago) by gavi@lemmynsfw.com to c/lemmynsfw@lemmynsfw.com

6 comments fedilink hide all child comments

We have little information currently, but we may at least lock the site down for preemptive safety reasons. There seems to be a serious XSS vulnerability within lemmys code. We have disabled community creation temporarily and are contemplating taking the site down temporarily as well. Please find us below and stay safe, ya'll.

https://mastodon.world/@lemmynsfw https://matrix.to/#/#lemmynsfw:matrix.org

EDIT: For the time being we have disabled federation, new user sign ups, and community creation.

top 6 comments

sorted by: hot top controversial new old

[–] DelvianSeek@lemmynsfw.com 1 points 1 year ago

Thanks for the heads up! Sounds serious. Keeping fingers crossed that it will get fixed quickly.

[–] Crackhappy@lemmynsfw.com 1 points 1 year ago (2 children)

Good luck. The real problem is that bugs like this in your code that lead to easy XSS script loads like this tend to point to a bigger problem.

[–] gavi@lemmynsfw.com 3 points 1 year ago

I agree. There needs to be an audit of lemmy entire source.

[–] cuck4mai@lemmynsfw.com 0 points 1 year ago (1 children)

This is on top of the privacy concerns and huge potential for vote manipulation.

[–] astral_avocado@lemmynsfw.com 1 points 1 year ago

What are these concerns and are they unique to Lemmy vs other fediverse type software like Mastodon?

[–] LexiconBexicon@lemmynsfw.com 1 points 1 year ago

The issue seems resolved according to lemm.ee