senooken JP Social
senooken JP Social is senooken's dedicated distributed social network.
Conversation

Notices

  1. kaniini@pleroma.site's status on Thursday, 23-Aug-2018 10:44:19 JST
    pleroma folks: update your instances NOW.

    there is a serious denial of service vulnerability that is trivial to leverage: if an attacker sends an otherwise valid Activity to us without a valid ID, pleroma will wind up inserting a node into its object graph with an empty ID.

    if you cannot rebase your tree on latest, the necessary patches are here: https://git.pleroma.social/pleroma/pleroma/merge_requests/286.

    Attachments

    1. security: activitypub: reject activities with bogus ids (!286) · Merge Requests · Pleroma / pleroma
      from GitLab
      An attacker can damage Pleroma's object graph in some limited cases by sending activities with an invalid ID. This can lead to a denial of service (DoS) condition. We mitigate...
    • Vaporwave Singapore and Trolli Schmittlauch repeated this.
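
The kind of inbound check the notice describes, as an added example: this is not code from Pleroma or from merge request !286. `ObjectGraph`, `validated_id`, `ingest` and the sample activities are hypothetical and constructed for illustration, and the example assumes a usable ID is an absolute http(s) URI.

```python
from urllib.parse import urlsplit

class RejectedActivity(ValueError):
    """Raised when an inbound activity must not be stored."""

def validated_id(activity):
    """Return the activity's id if it is an absolute http(s) URI, else raise."""
    value = activity.get("id") if isinstance(activity, dict) else None
    if not isinstance(value, str) or not value.strip():
        raise RejectedActivity("missing or empty id")
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal in the authority
        parts = None
    if parts is None or parts.scheme not in ("http", "https") or not parts.hostname:
        raise RejectedActivity(f"id is not an absolute http(s) URI: {value!r}")
    return value

class ObjectGraph:
    """Hypothetical in-memory store keyed by object id."""
    def __init__(self):
        self.nodes = {}

    def insert_unchecked(self, activity):
        # Models the failure in the notice: no id check, so the key is empty.
        self.nodes[activity.get("id") or ""] = activity

    def insert(self, activity):
        self.nodes[validated_id(activity)] = activity

# Constructed sample input: one well-formed activity and four with bogus ids.
SAMPLES = [
    {"id": "https://remote.example/activities/1", "type": "Create"},
    {"type": "Create"},
    {"id": "", "type": "Create"},
    {"id": None, "type": "Create"},
    {"id": "not a uri", "type": "Create"},
]

def ingest(graph, activities):
    """Insert each activity; return (accepted ids, rejection reasons)."""
    accepted, rejected = [], []
    for activity in activities:
        try:
            graph.insert(activity)
            accepted.append(activity["id"])
        except RejectedActivity as err:
            rejected.append(str(err))
    return accepted, rejected
```

Validation runs before the write, so a rejected activity never creates a node; `insert_unchecked` is kept only to show the empty-key node that the check prevents.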

senooken JP Social is a social network, courtesy of senooken. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

All senooken JP Social content and data are available under the Creative Commons Attribution 3.0 license.