GHSA-7287-grhx-542x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7287-grhx-542x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-7287-grhx-542x/GHSA-7287-grhx-542x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7287-grhx-542x
- Aliases
- Published
- 2025-03-25T21:31:34Z
- Modified
- 2025-03-26T15:10:56.045283Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Pixelfed may allow unauthorized actor to view private posts and private users
- Details
-
Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.
- Database specific
{ "nvd_published_at": "2025-03-25T21:15:43Z", "cwe_ids": [ "CWE-863" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-03-26T14:53:15Z" }- References
Affected packages
Packagist / pixelfed/pixelfed
Package
- Name
- pixelfed/pixelfed
- Purl
- pkg:composer/pixelfed/pixelfed
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.12.5
Affected versions
v0.*
v0.1.9
v0.5.9
v0.6.0
v0.6.1
v0.7.6
v0.8.0
v0.8.5
v0.8.6
v0.9.0
v0.9.4
v0.9.5
v0.9.6
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.10.10
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4