ElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 21 days agoJellyfin critical security update - This is not a jokegithub.comexternal-linkmessage-square261fedilinkarrow-up1712arrow-down19 cross-posted to: [email protected][email protected][email protected]
arrow-up1703arrow-down1external-linkJellyfin critical security update - This is not a jokegithub.comElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 21 days agomessage-square261fedilink cross-posted to: [email protected][email protected][email protected]
minus-squarerumba@lemmy.ziplinkfedilinkEnglisharrow-up2·20 days agoBiggest worry is someone finding an uncaught RCE. Of course plugins also have surface area. We know they can anon pull video. You can sandbox it to limit exposure. But if they modify the web client with an RCE, then you hit your own server as a trusted site and that delivers a payload…
Biggest worry is someone finding an uncaught RCE.
Of course plugins also have surface area.
We know they can anon pull video. You can sandbox it to limit exposure.
But if they modify the web client with an RCE, then you hit your own server as a trusted site and that delivers a payload…