A small tool to view real-world ActivityPub objects as JSON! Enter a URL
or username from Mastodon or a similar service below, and we'll send a
request with
the right
Accept
header
to the server to view the underlying object.
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri",
"inReplyToAtomUri": "ostatus:inReplyToAtomUri",
"conversation": "ostatus:conversation",
"sensitive": "as:sensitive",
"toot": "http://joinmastodon.org/ns#",
"votersCount": "toot:votersCount",
"blurhash": "toot:blurhash",
"focalPoint": {
"@container": "@list",
"@id": "toot:focalPoint"
},
"Hashtag": "as:Hashtag",
"Emoji": "toot:Emoji"
}
],
"id": "https://nerdculture.de/users/Olly42/statuses/113957050064426819",
"type": "Note",
"summary": null,
"inReplyTo": null,
"published": "2025-02-06T12:56:29Z",
"url": "https://nerdculture.de/@Olly42/113957050064426819",
"attributedTo": "https://nerdculture.de/users/Olly42",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://nerdculture.de/users/Olly42/followers"
],
"sensitive": false,
"atomUri": "https://nerdculture.de/users/Olly42/statuses/113957050064426819",
"inReplyToAtomUri": null,
"conversation": "tag:nerdculture.de,2025-02-06:objectId=162947355:objectType=Conversation",
"content": "<p>GitHub Desktop Vulnerability risks<br />Credential Leaks via Malicious Remote<br />URLs. :github:</p><p>Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a users Git credentials.</p><p><a href=\"https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">flatt.tech/research/posts/clon</span><span class=\"invisible\">e2leak-your-git-credentials-belong-to-us/</span></a></p><p><a href=\"https://nerdculture.de/tags/github\" class=\"mention hashtag\" rel=\"tag\">#<span>github</span></a> <a href=\"https://nerdculture.de/tags/desktop\" class=\"mention hashtag\" rel=\"tag\">#<span>desktop</span></a> <a href=\"https://nerdculture.de/tags/credentials\" class=\"mention hashtag\" rel=\"tag\">#<span>credentials</span></a> <a href=\"https://nerdculture.de/tags/leak\" class=\"mention hashtag\" rel=\"tag\">#<span>leak</span></a> <a href=\"https://nerdculture.de/tags/it\" class=\"mention hashtag\" rel=\"tag\">#<span>it</span></a> <a href=\"https://nerdculture.de/tags/security\" class=\"mention hashtag\" rel=\"tag\">#<span>security</span></a> <a href=\"https://nerdculture.de/tags/privacy\" class=\"mention hashtag\" rel=\"tag\">#<span>privacy</span></a> <a href=\"https://nerdculture.de/tags/engineer\" class=\"mention hashtag\" rel=\"tag\">#<span>engineer</span></a> <a href=\"https://nerdculture.de/tags/media\" class=\"mention hashtag\" rel=\"tag\">#<span>media</span></a> <a href=\"https://nerdculture.de/tags/programming\" class=\"mention hashtag\" rel=\"tag\">#<span>programming</span></a> <a href=\"https://nerdculture.de/tags/tech\" class=\"mention hashtag\" rel=\"tag\">#<span>tech</span></a> <a href=\"https://nerdculture.de/tags/news\" class=\"mention hashtag\" rel=\"tag\">#<span>news</span></a></p>",
"contentMap": {
"en": "<p>GitHub Desktop Vulnerability risks<br />Credential Leaks via Malicious Remote<br />URLs. :github:</p><p>Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a users Git credentials.</p><p><a href=\"https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">flatt.tech/research/posts/clon</span><span class=\"invisible\">e2leak-your-git-credentials-belong-to-us/</span></a></p><p><a href=\"https://nerdculture.de/tags/github\" class=\"mention hashtag\" rel=\"tag\">#<span>github</span></a> <a href=\"https://nerdculture.de/tags/desktop\" class=\"mention hashtag\" rel=\"tag\">#<span>desktop</span></a> <a href=\"https://nerdculture.de/tags/credentials\" class=\"mention hashtag\" rel=\"tag\">#<span>credentials</span></a> <a href=\"https://nerdculture.de/tags/leak\" class=\"mention hashtag\" rel=\"tag\">#<span>leak</span></a> <a href=\"https://nerdculture.de/tags/it\" class=\"mention hashtag\" rel=\"tag\">#<span>it</span></a> <a href=\"https://nerdculture.de/tags/security\" class=\"mention hashtag\" rel=\"tag\">#<span>security</span></a> <a href=\"https://nerdculture.de/tags/privacy\" class=\"mention hashtag\" rel=\"tag\">#<span>privacy</span></a> <a href=\"https://nerdculture.de/tags/engineer\" class=\"mention hashtag\" rel=\"tag\">#<span>engineer</span></a> <a href=\"https://nerdculture.de/tags/media\" class=\"mention hashtag\" rel=\"tag\">#<span>media</span></a> <a href=\"https://nerdculture.de/tags/programming\" class=\"mention hashtag\" rel=\"tag\">#<span>programming</span></a> <a href=\"https://nerdculture.de/tags/tech\" class=\"mention hashtag\" rel=\"tag\">#<span>tech</span></a> <a href=\"https://nerdculture.de/tags/news\" class=\"mention hashtag\" rel=\"tag\">#<span>news</span></a></p>"
},
"attachment": [
{
"type": "Document",
"mediaType": "image/jpeg",
"url": "https://nerdculture.de/system/media_attachments/files/113/956/947/934/182/492/original/f705d89f83906b4b.jpeg",
"name": "\"Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper,\" GMO Flatt Security researcher Ry0taK, who discovered the flaws, said in an analysis. \"Because of improper handling of messages, many projects were vulnerable to credential leakage in various ways.\"\n\n• CVE-2025-23040 (CVSS score: 6.6) - Maliciously crafted remote URLs could lead to credential leaks in GitHub Desktop\n• CVE-2024-50338 (CVSS score: 7.4) - Carriage-return character in remote URL allows the malicious repository to leak credentials in Git Credential Manager\n• CVE-2024-53263 (CVSS score: 8.5) - Git LFS permits retrieval of credentials via crafted HTTP URLs\n• CVE-2024-53858 (CVSS score: 6.5) - Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts\n\nWhile the credential helper is designed to return a message containing the credentials that are separated by the newline control character (\"\\n\"), the research found that GitHub Desktop is susceptible to a case of carriage return (\"\\r\") smuggling whereby injecting the character into a crafted URL can leak the credentials to an attacker-controlled host.\n\n\"Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration,\" GitHub said in an advisory.",
"blurhash": "UI9a]grpTgIU*0V@kCWBIBkDxutRDikDnhoz",
"focalPoint": [
0,
0
],
"width": 1024,
"height": 1024
}
],
"tag": [
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/github",
"name": "#github"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/desktop",
"name": "#desktop"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/credentials",
"name": "#credentials"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/leak",
"name": "#leak"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/it",
"name": "#it"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/security",
"name": "#security"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/privacy",
"name": "#privacy"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/engineer",
"name": "#engineer"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/media",
"name": "#media"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/programming",
"name": "#programming"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/tech",
"name": "#tech"
},
{
"type": "Hashtag",
"href": "https://nerdculture.de/tags/news",
"name": "#news"
},
{
"id": "https://nerdculture.de/emojis/81522",
"type": "Emoji",
"name": ":github:",
"updated": "2021-03-03T21:15:15Z",
"icon": {
"type": "Image",
"mediaType": "image/png",
"url": "https://nerdculture.de/system/custom_emojis/images/000/081/522/original/github.png"
}
}
],
"replies": {
"id": "https://nerdculture.de/users/Olly42/statuses/113957050064426819/replies",
"type": "Collection",
"first": {
"type": "CollectionPage",
"next": "https://nerdculture.de/users/Olly42/statuses/113957050064426819/replies?only_other_accounts=true&page=true",
"partOf": "https://nerdculture.de/users/Olly42/statuses/113957050064426819/replies",
"items": []
}
},
"likes": {
"id": "https://nerdculture.de/users/Olly42/statuses/113957050064426819/likes",
"type": "Collection",
"totalItems": 1
},
"shares": {
"id": "https://nerdculture.de/users/Olly42/statuses/113957050064426819/shares",
"type": "Collection",
"totalItems": 1
}
}