losttourist (edited)
Edit: there is now a mitigation available. It should be safe to use Lemmy again as long as your instance has applied the fix.
https://lemmy.world/post/1293336
Yep, it looks like there is an XSS vulnerability with Lemmy that has been widely exploited, allowing the attackers to steal cookie credentials including potentially those of the site admins.
Some other non-compromised Lemmy instances have taken themselves offline until a fix is available.
Kbin is not affected as far as I can see.
If you have a Lemmy account, don't use it at the moment!