Impact
The functionality to load a cover via URL is vulnerable to server-side request forgery (SSRF); any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user.
Patches
The problem has been patched, and administrators should upgrade to version tag v0.3.0.
Workarounds
Instances can close registration and limit members to trusted individuals.
For more information
If you have any questions or comments about this advisory: