2022-01-31 | #security | @Acidus
I stumbled on a serious security vulnerability in a widely used gemini server. I am being deliberately vague because I don't want to enable malicious users to exploit the vulnerability until a fix is available.
I was able to contact the developer of the gemini server. They understand the seriousness of the issue and they are working on a fix which they plan to be available in the next week or so.
I did a scan of all known capsules and there are ~50 capsules with this security vulnerability. Once a fixed version has been released I will provide more information about the security issue.
For now, I suggest anyone running their own server:
I am confident this issue will be resolved and I believe it can serve as a catalyst to discuss many positive things such as: