this post was submitted on 17 Jul 2024
79 points (100.0% liked)

Lemmy

12524 readers
17 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
nutomic@lemmy.ml
79
Instance Owners: Do Not Use Lemmy-Thumbnail-Cleaner (biglemmowski.win)
submitted 3 months ago* (last edited 3 months ago) by taaz@biglemmowski.win to c/lemmy@lemmy.ml
6 comments fedilink hide all child comments
 

If you are using https://github.com/wereii/lemmy-thumbnail-cleaner please stop and disable it as soon as possible.

We have found a security issue that allows any user to make LTC delete any locally hosted image.

I will be posting more details soon and editing this to include the information.

E: More information here https://github.com/wereii/lemmy-thumbnail-cleaner/issues/10

you are viewing a single comment's thread
view the rest of the comments
[–] db0@lemmy.dbzer0.com 15 points 3 months ago (1 children)

I'm really curious how someone can exploit a script that is meant to be running locally with no external facing interface

[–] taaz@biglemmowski.win 6 points 3 months ago (1 children)

Post edited with link to more information.

[–] db0@lemmy.dbzer0.com 4 points 3 months ago

thanks