💾 Archived View for gemi.dev › gemini-mailing-list › 000894.gmi captured on 2024-06-16 at 14:57:20. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-12-28)

-=-=-=-=-=-=-

[gmnisrv] Notice of security vulnerability

1. Drew DeVault (sir (a) cmpwn.com)

• 📅 Sent: 2021-05-04 13:47
• 📧 Message 1 of 1

Versions of gmnisrv[0] which were built after commit
ea360fa4c10791c3c720c33470c86923424348fe are vulnerable to a path
traversal exploit, in which a specially crafted Gemini request can be
used to read any file on the host's filesystem.

[0]: https://git.sr.ht/~sircmpwn/gmnisrv

This issue was fixed in commit 0dc0e4432a70eafde69509fde8a29802e46ae712.

Link to individual message.

---

Previous Thread: [users] New Gemlog from someone from the audiogames forum

Next Thread: Gemini is super.