### Summary
Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account.
Every Mastodon version prior to 3.5.17 is vulnerable, as well as...
And if they don’t update it soon, you might want to reconsider your choice of instance.
The advisory went up about 4h ago. About 3h ago, my instance admin sent out an announcement that the patch had been applied. That was before I even heard about the issue.
The advisory went up about 4h ago. About 3h ago, my instance admin sent out an announcement that the patch had been applied. That was before I even heard about the issue.
Nice work :)