Ask HN: Is Lemmy Suffering an Exploit?
Lemmy might be suffering from an XSS attack [1]. It looks like a few major groups are impacted [2] [3] [4]. It seems odd for them to all suffer admin credentials leaking at the same time.
7 comments
Looks like it was due to unsafe processing of custom emoji: https://github.com/LemmyNet/lemmy-ui/pull/1897
Can see the code injected by spammers/attackers as well: https://programming.dev/post/532566
One commenter mentions http cookies are used in lemmy. Not familiar with code base so I can’t confirm. So if true then this attack shouldn’t have caused such a widespread outage.
Something else might be going on
One commenter mentions http cookies are used in lemmy. Not familiar with code base so I can’t confirm. So if true then this attack shouldn’t have caused such a widespread outage.
Something else might be going on
[deleted]