Just a gentle periodic reminder that #TruthSocial is by any way I can legally determine, still running the 3.4.1 version of Mastodon.
3.4.1 was released on 2021-06-03 (https://github.com/mastodon/mastodon/releases/tag/v3.4.1) which means it very likely includes the #CVE202423832 vuln, as well as many others.
The 3.4.10 release (9 updates later!) had its End Of Life 2 years ago (2022-11-06), so 3.4.1 is shockingly ancient.
It is an accident which has likely already happened.
⠠⠵ avuko /
npub17d…mnwqr
2024-11-27 15:20:41
Author Public Key
npub17dsm7wlmaglac8wyswnv88958xsya9gnmpfwnza0t0udfn6gft4qlmnwqrPublished at
2024-11-27 15:20:41Event JSON
{
"id": "a7b0eeb2b435d05f9ff2b1b8af934a22e6dc15efa0a902d2deff57a947b18815",
"pubkey": "f361bf3bfbea3fdc1dc483a6c39cb439a04e9513d852e98baf5bf8d4cf484aea",
"created_at": 1732720841,
"kind": 1,
"tags": [
[
"t",
"truthsocial"
],
[
"t",
"cve202423832"
],
[
"proxy",
"https://infosec.exchange/users/avuko/statuses/113555593046425319",
"activitypub"
]
],
"content": "Just a gentle periodic reminder that #TruthSocial is by any way I can legally determine, still running the 3.4.1 version of Mastodon. \n\n3.4.1 was released on 2021-06-03 (https://github.com/mastodon/mastodon/releases/tag/v3.4.1) which means it very likely includes the #CVE202423832 vuln, as well as many others.\n\nThe 3.4.10 release (9 updates later!) had its End Of Life 2 years ago (2022-11-06), so 3.4.1 is shockingly ancient.\n\nIt is an accident which has likely already happened.",
"sig": "180909e2f3ec5f611ace6c6e5e9f41e5b07cb9e1e2a42c9c6b201693288986494199ae90b2a379f00e20f200798738b44d0699a2066f54488b15b7cd3bf30b84"
}