Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

352K
active users

mastodon.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-nightly.2025-03-25

Terence Eden

🆕 blog! “An open(ish) redirect on Mastodon”

I've responsibly disclosed a small security issue with Mastodon (GHSA-8982-p7pm-7mqw). It allows a sufficiently determined attacker to use any Mastodon instance to redirect unwary users to a malicious site.

👀 Read more: shkspr.mobi/blog/2023/10/an-op

Cartoon of a tusked mastodon holding a phone.
Terence Eden’s Blog · An open(ish) redirect on Mastodon
More from Terence Eden
Oct 30, 2023, 12:35 PM·Public·Share on Mastodon
17boosts·17favorites
Quiet public
Matrixes

@Edent
Is the link to GitHub broken, or is it just me? I get a 404 even if I'm logged in.

Quiet public
Denny

@matrixes @Edent The GitHub app on my phone just got very unhappy about it.

Quiet public
Terence Eden

@denny @matrixes
Ah, sorry, that's a private link. I'll edit it.

Public
This account is inactive!

@Edent well, for @lapcatsoftware those news are very bad for his browser extension Homecoming...

ExploreLive feeds
About