3 matches found
Lemmy 代码问题漏洞
Lemmy is open-source software developed by Lemmy for building social news aggregators and web forums. Versions of Lemmy prior to 0.7.0-beta.9 contained code vulnerabilities. These vulnerabilities stemmed from the v4isInvalid function not checking the 0.0.0.0 address, which could allow unverified...
PT-2025-6115 · Lemmy +1 · Lemmy +1
Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.19.8 and prior activitypub federation versions 0.6.2 and prior Description: The vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request...
PT-2024-20000 · Lemmy · Lemmy
Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.17.0 through 0.19.0 Description: The issue allows any authenticated user to obtain arbitrary private message contents by creating a private message report. This is possible because the API response to creating a private messa...