Plausible critical RCE < 3.2.1 (github.com)
from Calyhre@lemmy.world to selfhosted@lemmy.world on 01 Jun 16:49
https://lemmy.world/post/47628991

Today I randomly fell on this release note, mentioning an RCE “under certain conditions”.

Digging in a bit, it’s a full-blown RCE on any default install. Worse, unless you were aware of the /storybook path, it’s very unlikely you blocked it.

I also wrote a small POC here: gist.github.com/…/67337024ece3762cbc3c9e4956b0e3d…

If you are using Plausible 3.0.0 through 3.2.0 inclusive, you should upgrade ASAP and rotate everything.

#selfhosted
