this post was submitted on 15 May 2026
52 points (100.0% liked)
most of the instances are offline or admin only login last I checked

https://lemmy.ml/modlog/14815

[–] Goferking0@ttrpg.network 16 points 9 hours ago (2 children)

Even dealing with a security issue, the code is shit. Why are they chaining multiple ors in a single if statement?

```python
import ipaddress

from flask import current_app
from furl import furl


def is_invalid_get_request_uri(uri):
    # Check is skipped entirely when the app runs in debug mode.
    if current_app.debug:
        return False
    try:
        # Only succeeds when the URI host is an IP literal; hostnames raise.
        ip = ipaddress.ip_address(furl(uri).host)
    except:
        ip = None

    if ip:
        return ip.is_private or ip.is_link_local or ip.is_reserved or ip.is_loopback or ip.is_multicast or ip.is_unspecified
    return False


def is_invalid_post_request_uri(uri):
    return is_inv  # truncated as posted
```

https://codeberg.org/rimu/pyfedi/commit/ada8e2ea35ec687000b7e7c2343288d44a219c3a
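The snippet above does three things worth separating: it parses the host, it classifies an IP literal against a fixed set of address classes, and it treats "couldn't parse" as "allowed". The added example below is not the project's code; it is a standalone rewrite of the same check that collapses the chain of `or`s into a single `any()` over a tuple of flag names, narrows the bare `except` to the `ValueError` that `ipaddress.ip_address` actually raises, unwraps IPv4-mapped IPv6 literals such as `::ffff:127.0.0.1` so the IPv4 flags apply, and fails closed on unparsable or host-less URIs. It uses `urllib.parse.urlsplit` in place of `furl` so it runs without extra packages. The `resolver` parameter is a hypothetical hook (not in the original) so that a hostname can be checked against the addresses it maps to; `FAKE_DNS` is a constructed lookup table standing in for DNS. With no resolver passed, hostnames are accepted unchecked, which is what a literal-only check does.

```python
import ipaddress
from urllib.parse import urlsplit

# Same address classes the quoted check tests, collected once so the
# predicate is a single any() instead of a chain of `or`s.
NON_PUBLIC_FLAGS = (
    "is_private",
    "is_link_local",
    "is_reserved",
    "is_loopback",
    "is_multicast",
    "is_unspecified",
)


def is_non_public_ip(ip):
    """True if the address falls in any of the non-public classes above."""
    # An IPv4-mapped IPv6 literal such as ::ffff:127.0.0.1 is really an
    # IPv4 address; unwrap it so the IPv4 flags are what get tested.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(getattr(ip, flag) for flag in NON_PUBLIC_FLAGS)


def parse_ip_literal(host):
    """Return an ip_address for an IP-literal host, or None for a hostname.

    Only ValueError is caught: that is what ip_address raises for a
    non-literal. Anything else should surface, not be swallowed.
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def is_invalid_request_uri(uri, resolver=None):
    """True if the URI must be refused because it targets a non-public host.

    `resolver` is a hypothetical hook (assumed here, not in the original):
    a callable mapping a hostname to a list of IP strings. It is injected so
    this runs offline; a deployment would back it with socket.getaddrinfo.
    With no resolver, hostnames are accepted unchecked.
    """
    try:
        host = urlsplit(uri).hostname
    except ValueError:
        return True  # unparsable URI (e.g. unbalanced IPv6 brackets): refuse
    if not host:
        return True  # no host at all (e.g. a bare path): refuse
    ip = parse_ip_literal(host)
    if ip is not None:
        return is_non_public_ip(ip)
    if resolver is None:
        return False
    addrs = [a for a in map(parse_ip_literal, resolver(host)) if a is not None]
    if not addrs:
        return True  # unresolvable hostname: refuse
    return any(is_non_public_ip(a) for a in addrs)


# Constructed lookup table standing in for DNS; demonstration data only.
FAKE_DNS = {
    "internal.example": ["10.0.0.9"],
    "dual.example": ["93.184.216.34", "127.0.0.1"],
    "public.example": ["93.184.216.34"],
}


def fake_resolver(hostname):
    return FAKE_DNS.get(hostname, [])


if __name__ == "__main__":
    for uri in (
        "http://127.0.0.1/admin",
        "http://169.254.169.254/latest/meta-data",
        "http://[::ffff:127.0.0.1]/",
        "http://8.8.8.8/",
        "http://dual.example/",
    ):
        verdict = "refused" if is_invalid_request_uri(uri, fake_resolver) else "allowed"
        print(uri, "->", verdict)
```

Two choices differ from the quoted code on purpose and should be weighed before copying them: an unparsable URI is refused instead of allowed, and a hostname that maps to even one non-public address is refused. Both are the conservative reading for a fetch the server performs on a user's behalf.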

[–] mathemachristian@hexbear.net 3 points 2 hours ago

I mean, they weren't given any heads-up but had to instantly shut down their servers, figure out what was going on and come up with a solution on the spot. Not that I think piefed is well-made, but just publicly posting critical security vulnerabilities is a dick move.

[–] MoonMelon@lemmy.ml 10 points 8 hours ago

Bare except, too. Not ideal.