- cross-posted to:
- caffeitalia@feddit.it
- fediverse@hexbear.net
- cross-posted to:
- caffeitalia@feddit.it
- fediverse@hexbear.net
Both lemmy.world and lemmy.blahaj.zone are both down, this issue IS URGENT as this could be why they are both down.
@CriticalResist8@lemmygrad.ml @muad_dibber@lemmygrad.ml @CaptCalhoun@lemmygrad.ml @Farmer_Heck@lemmygrad.ml @felipeforte@lemmygrad.ml @ksynwa@lemmygrad.ml
It’s being actively exploited in the wild as we speak.
Private disclosure is only useful and necessary when vulnerabilities are not being actively exploited or if they are exceptionally technically difficult requiring very specific conditions and you are disclosing specifically those conditions which might enable additional exploitation before a fix.
However, this is a technically simple exploit, disclosing it exists will not enable more attackers.
It is responsible in situations where something is being actively exploited, it is a simple exploit, etc to discuss, inform, and yes let others who may want to patch themselves have the knowledge needed to patch when devs are asleep or otherwise unable to act expediently.