Arbitrary file creation through media attachments on Mastodon
Arbitrary file creation through media attachments on Mastodon
CVE-2023-36460 is a Mastodon vulnerability where you can send a toot which makes a webshell on instances that process said toot.
Edit: it's already fixed, that's why it was disclosed on GitHub.
The security advisory: https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm
You're viewing a single thread.
All Comments
3 comments
Woof
2 1 Reply