@nil @thisismissem @pixelfed yeah, something is fishy... Critical is usually reserved for "oops all root access on the host" vulns...
Top-level
@nil @thisismissem @pixelfed yeah, something is fishy... Critical is usually reserved for "oops all root access on the host" vulns... 4 comments
@thisismissem @matrix9180 @pixelfed huh. TIL what's in the CVE score: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator At least the base score. @nil @thisismissem @pixelfed yep, but I suppose it could be that high because it maybe exposes everyone's info. Going to get some rest but I'll probably see what they fixed and go from there lol @nil @matrix9180 @pixelfed so yeah, base score is 9.9 β though nist's calculator is more explanatory than GitHubs, overall score ended up being 8.4 with all the other factors |
@matrix9180 @nil @pixelfed that's how it was scored by GitHub score calculator. https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf