Skip Navigation

Recent "vulnerability": Pixelfed leaks private posts from other Fediverse instances

fokus.cool

Pixelfed leaks private posts from other Fediverse instances - fiona fokus

Another dust-up with Dansup lol...

cross-posted from: https://lemmy.crimedad.work/post/903768

The author of the article characterizes their findings as a vulnerability in Pixelfed, that it was treating all follow requests as approved. An update has already been released to make Pixelfed honor that setting, but the vulnerability still exists with ActivityPub in the feature itself. It gives users a false expectation of privacy, which is not safe.

Fediverse @midwest.social

Pixelfed leaks private posts from other Fediverse instances

PixelFed: A free and ethical photo sharing platform. @lemmy.ml

Recent "vulnerability": Pixelfed leaks private posts from other Fediverse instances

Fediverse @lemmy.world

Pixelfed leaks private posts from other Fediverse instances - fiona fokus

10 comments
10 comments