Aliceif

**Name of the Vulnerable Software and Affected Versions** Hollo versions prior to 0.6.20 Hollo versions prior to 0.7.2 **Description** Hollo is a federated single-user microblogging software that utilizes ActivityPub for federation. A security issue exists where direct messages (DMs) and posts restricted to followers were exposed through the ActivityPub outbox endpoint without proper authorization. This allowed unauthorized access to sensitive information. The issue affects the `ActivityPub` outbox endpoint. **Recommendations** Update to Hollo version 0.6.20 or later. Update to Hollo version 0.7.2 or later.