@sublimer こんにちは。Misskey本家のアドバイザリは未公開ですが、対象の脆弱性はめいすきーフォークのこちらのアドバイザリと同じものですね:
Impersonation and takeover of remote accounts with unnormalized signed activities · Advisory · mei23/misskey
https://github.com/mei23/misskey/security/advisories/GHSA-f7g9-xhcq-5ww6
