VYPR

crates.io package

lemmy_routes

pkg:cargo/lemmy_routes

Vulnerabilities (1)

  • CVE-2026-29178HigMar 6, 2026
    affected < 0.19.16fixed 0.19.16

    Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/{filename} endpoint is vulnerable to unau