💾 Archived View for rwv.io › 2021-05-13-dezhemini-security-announcement.gmi captured on 2021-12-17 at 13:26:06. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

➡️ Next capture (2023-01-29)

-=-=-=-=-=-=-

Dʒɛmɪni security announcement

A couple of days ago I've found and fix a path traversal issue in the dezhemini gemini server software. A specially crafted URL will allow an attacker to read arbitrary files from the host file system.

The issue is fixed in commit 2dba1ee1c875b07ca2e04f8bf2d03bfc5b2afc5f. All versions prior to this commit are vulnerable to this type of intrusion.

Please upgrade as soon as possible.

--

📅 2021-05-13

🏷 dʒɛmɪni, announcement

📧 hello@rwv.io

🅭 BY-NC-SA 4.0