2 matches found
CVE-2026-29178
CVE-2026-29178 affects Lemmy via the activitypub_federation Rust framework. Before version 0.19.16, the GET /api/v4/image/{filename} endpoint is vulnerable to unauthenticated SSRF through injection of parameters in file_type, enabling an internal request to pict-rs and use of the proxy parameter ...
The vulnerability of the verify_url_valid() function in the Activitypub-Federation framework, a platform for creating and managing communities in the Lemmy ecosystem, allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the verifyurlvalid function in the Activitypub-Federation framework, a platform for creating and managing communities in the Lemmy community, is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow an attacker to bypass...