What is Nostr?
Filippo Valsorda :go: /
npub1whz…kn2m
2024-04-17 22:59:25

Filippo Valsorda :go: on Nostr: A PSA since there's some confusion on this... There is no vulnerability in Gorilla ...

A PSA since there's some confusion on this...

There is no vulnerability in Gorilla Sessions.

The vulnerability is in Palo Alto's internal SessDiskStore, which looks similar to FilesystemStore. Early analysis came to the mistaken conclusion that the vulnerable path was in FilesystemStore, but it's not. FilesystemStore authenticates the Session.ID with securecookie, SessDiskStore does not.
Author Public Key
npub1whzyg92c6fsvpjjcnn504z0a2pfwenctp872sgmedqg2np4drj8qwakn2m