nostr:npub18994crjwnldrukwym5lz3y2nae84s84v20m2rkngtjnyg549lr6qvxmd6m new pleroma vuln dropped btw
New Pleroma vuln dropped: https://gitlab.com/soapbox-pub/rebased/-/merge_requests/264/diffs
Yes, this is a new one that isn't the same as the one from yesterday.
I don't completely understand the impact of this one, but you need to upgrade your server again. It seems bad but I'm not sure exactly how to exploit it.
Discussion
nostr:npub108zt8c43ulvdwnax2txurhhr07wdprl0msf608udz9rvpd5l68ascvdkr5 nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 yeah, XXE. Means anything that can submit an XML document that the server parses can read arbitrary files on the server, same as the other issue. Actually worse if this doesn’t require auth. XXE is fixed by not using shit and brain-damaged parsers, which nobody should be using. This is straight outta 2004.
Abandon hope, all ye who enter. Pleroma is fucked and was made by retards.
nostr:npub108zt8c43ulvdwnax2txurhhr07wdprl0msf608udz9rvpd5l68ascvdkr5 nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub18994crjwnldrukwym5lz3y2nae84s84v20m2rkngtjnyg549lr6qvxmd6m Notice how it was resolved by some random akkoma tranny instead of FediUN's task force on paycheck.
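The XXE reply in the discussion above comes down to one parser rule: untrusted XML must never be allowed to declare entities. The following is an added example, not code from the thread or from the Pleroma/Rebased merge request; it uses Python's standard library, and the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document carries a DTD, so it could declare entities."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Entities (internal or external) can only be declared inside a DTD,
    # so stopping at the DOCTYPE stops XXE before any entity exists.
    raise ForbiddenXML(f"DOCTYPE {name!r} is not allowed in untrusted XML")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Build an ElementTree from untrusted bytes, refusing any DTD."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()  # no namespace processing: prefixes stay as written
    parser.buffer_text = True
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # ForbiddenXML or expat.ExpatError propagate
    return builder.close()


# Constructed sample inputs (not taken from the thread or the merge request).
PLAIN_DOC = b"<profile><name>alice &amp; bob</name></profile>"
DTD_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE profile [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
    b"<profile><name>&ext;</name></profile>"
)


def accepts(data: bytes) -> bool:
    """True if the document parses under the no-DTD policy."""
    try:
        parse_untrusted_xml(data)
        return True
    except (ForbiddenXML, expat.ExpatError):
        return False


if __name__ == "__main__":
    print(accepts(PLAIN_DOC), accepts(DTD_DOC))
```

The five predefined entities such as `&amp;` still resolve, because they need no DTD; only documents that try to define their own entities are refused.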