There’s plenty of posts on the topic about Lemmy.world being compromised, followed by the exploit being tracked back to an XSS exploit that I believe works on instances with custom emojis enabled. Many instances have been quick to jump on this such as feddit.uk and Behaw which took itself down temporarily.

Does this affect sh.itjust.works?

If so what are the admins doing about it?

Can we get some sort of admin post about this? Last update from them was some time ago.

Hopefully the admins have 2FA enabled on their accounts.

  • oatmilkmaid@possumpat.io
    link
    fedilink
    English
    arrow-up
    19
    ·
    edit-2
    1 year ago

    sh.itjust.works doesn’t have custom emojis and so is fairly safe from this specific exploit. Only local users of instances with custom emojis were at risk if they had visited a malicious page on their home instance.

    Lemmy-ui pushed a fix for this vulnerability just 8 minutes ago, so we’ll see if that makes it here.