Wonder if https://www.ruby-lang.org/en/news/2026/04/21/erb-cve-2026-41316/ (CVE-2026-41316) is an issue for Mastodon?
-
Wonder if https://www.ruby-lang.org/en/news/2026/04/21/erb-cve-2026-41316/ (CVE-2026-41316) is an issue for Mastodon?
Gemfile.lock for stable-4.5 still has erb (5.1.3), but no idea if Mastodon uses it in an attackable way.
-
@galaxis Mastodon code itself has no references to Marshal, as well as json-ld-*, sidekiq uses JSON serialization.
It’s highly unlikely that dependencies use marshaling as well. It’s used to encode raw Ruby objects, which is very rare and subject to Ruby version incompatibility.
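One way to check the two things raised in this thread, the erb version locked in Gemfile.lock and whether any code calls Marshal deserialization, as an added example that is not part of the original posts or of Mastodon's code. The helper names and the sample tree are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Calls that deserialize Marshal data; Marshal.dump alone is not flagged.
MARSHAL_LOAD = /\bMarshal\s*\.\s*(?:load|restore)\b/

# Locked version of a gem from Gemfile.lock text, or nil if it is not listed.
# Matches the four-space-indented "name (version)" lines under "specs:".
def locked_version(lockfile_text, gem_name)
  m = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  m && m[1]
end

# List Marshal deserialization call sites under root as
# [relative_path, line_number, source_line], skipping comment-only lines.
def marshal_call_sites(root)
  Dir.glob("**/*.{rb,rake,erb}", base: root).sort.flat_map do |rel|
    File.foreach(File.join(root, rel)).with_index(1).filter_map do |raw, lineno|
      line = raw.scrub.strip
      next if line.start_with?("#")
      [rel, lineno, line] if line.match?(MARSHAL_LOAD)
    end
  end
end

# Constructed sample tree (not Mastodon's real code) so the check runs offline.
def build_sample(dir)
  FileUtils.mkdir_p(File.join(dir, "app/lib"))
  File.write(File.join(dir, "Gemfile.lock"), "GEM\n  specs:\n    erb (5.1.3)\n")
  File.write(File.join(dir, "app/lib/cache.rb"), <<~RUBY)
    # Marshal.load is mentioned only in this comment
    def read(blob)
      Marshal.load(blob)
    end
  RUBY
  File.write(File.join(dir, "app/lib/job.rb"), "JSON.parse(payload)\nMarshal.dump(obj)\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample(dir)
    lock = File.read(File.join(dir, "Gemfile.lock"))
    puts "erb locked at #{locked_version(lock, 'erb') || 'not present'}"
    marshal_call_sites(dir).each { |file, n, src| puts "#{file}:#{n}: #{src}" }
  end
end
```

To cover dependencies as well as application code, point `marshal_call_sites` at the installed gem directories in addition to the application checkout.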