this post was submitted on 10 Jul 2023
75 points (95.2% liked)
Meta (lemm.ee)
4126 readers
1 users here now
lemm.ee Meta
This is a community for discussion about this particular Lemmy instance.
News and updates about lemm.ee will be posted here, so if that's something that interests you, make sure to subscribe!
Rules:
- Support requests belong in !support
- Only posts about topics directly related to lemm.ee are allowed
- If you don't have anything constructive to add, then do not post/comment here. Low effort memes, trolling, etc is not allowed.
- If you are from another instance, you may participate in discussions, but remain respectful. Realize that your comments will inevitably be associated with your instance by many lemm.ee users.
If you're a Discord user, you can also join our Discord server: https://discord.gg/XM9nZwUn9K
Discord is only a back-up channel, [email protected] will always be the main place for lemm.ee communications.
If you need help with anything, please post in !support instead.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Hey folks! I have spent this morning helping lemmy.world mitigate the issue. I have also sent out mitigation instructions to other admins as well.
For the particular exploit that was used on lemmy.world:
So there should not be any reason to defederate. I will continue monitoring and investigating, if further vulnerabilities pop up then I will adjust accordingly.
You rock! Sorry if this is a stupid question, but if both instances are running the same version of Lemmy, why would lemmy.world be affected but not lemm.ee?
Malicious custom emoji contained scripts that sent session cookies to the attackers.
Makes sense! Thank you.