Mlmym bug that allows for 302 redirect hijacking - Now fixed in v0.0.40

Shadow@lemmy.ca to Lemmy@lemmy.ml – 25 points
/link endpoint allows redirection to any arbitrary URL · Issue #101 · rystaf/mlmym
github.com

Heads up for anyone running mlmym on their instance: your site is probably being used for Google SEO manipulation: https://github.com/rystaf/mlmym/issues/101

If you're running an old version, update to v0.0.40!
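
For admins who want to check whether their instance was used this way before updating, here is an added example (not part of the original post and not mlmym's code) that scans web-server access logs for `/link` requests answered with a redirect whose query string names an off-site host. The combined log format, the hostname `mlmym.example.org`, the query parameter `u` and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumption: placeholder for the instance's own hostname.
INSTANCE_HOST = "mlmym.example.org"

# Request target and status code from a combined-log-format line.
LOG_RE = re.compile(r'"(?:GET|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def external_redirect_hosts(lines, instance_host=INSTANCE_HOST):
    """Count off-site hosts named in /link requests that returned a 3xx."""
    hosts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or not m["status"].startswith("3"):
            continue  # unparsable line, or not a redirect response
        target = urlsplit(m["target"])
        if target.path != "/link":
            continue
        # The post does not name the parameter, so inspect every value.
        for _key, value in parse_qsl(target.query, keep_blank_values=True):
            try:
                host = urlsplit(value).hostname  # also covers //host/path
            except ValueError:
                continue  # malformed URL in the query string
            if host and host.lower() != instance_host:
                hosts[host.lower()] += 1
    return hosts

# Constructed sample lines (documentation IPs and .example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /link?u=https%3A%2F%2Fspam.example%2Fpills HTTP/1.1" 302 0 "https://www.google.com/" "Mozilla/5.0"',
    '203.0.113.8 - - [01/Jan/2024:10:00:05 +0000] "GET /link?u=//spam.example/other HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /link?u=https://mlmym.example.org/post/1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /link?u=https://casino.example/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [01/Jan/2024:10:03:00 +0000] "GET /post/5?ref=https://other.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, count in external_redirect_hosts(SAMPLE_LOG).most_common():
        print(f"{count:6d}  {host}")
```

A long list of unrelated destination hosts in the output is the pattern to look for; the same function works on a real log by passing it an open file object.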


Cheers, I just started dropping connections to /link as well, as a result.

Edit: Looks like it was quickly fixed and released in 0.0.40, very cool.

This is now fixed in v0.0.40, go update!