💾 Archived View for gemi.dev › gemlog › 2022-01-31-psa-security-vuln.gmi captured on 2023-06-16 at 16:44:04. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-

Public Service Announcement: Security vulnerability in gemini server software

2022-01-31 | #security | @Acidus

I stumbled on a serious security vulnerability in a widely used gemini server. I am being deliberately vague because I don't want to enable malicious users to exploit the vulnerability until a fix is available.

I was able to contact the developer of the gemini server. They understand the seriousness of the issue and they are working on a fix which they plan to be available in the next week or so.

I did a scan of all known capsules and there are ~50 capsules with this security vulnerability. Once a fixed version has been released I will provide more information about the security issue.

For now, I suggest anyone running their own server:

I am confident this issue will be resolved and I believe it can serve as a catalyst to discuss many positive things such as: