PSA: Lemmy.world has been compromised
PSA: Lemmy.world has been compromised
I'd avoid going directly to the site. There could be security issues, and you could get redirected to some "bad" places.
It should be OK to view their federated posts from lemmy.nz (i.e. where the URL starts with lemmy.nz), but be careful!
Potentially more info here: https://lemmy.nz/post/325142
2 comments
Link to the vulnerability: https://github.com/LemmyNet/lemmy-ui/issues/1895
Apparently it’s a XSS using custom emojis.
Yep. Only affects instances which have one or more custom emojis. Lemmy.nz is not directly affected, since there are no custom emojis.