Hi fellow LTS members,

Today (as part of front desk work) I triaged lua-cgi and I thought that the session id vulnerabilities were rather basic and severe. So I thought that if it is a really used software it would have been found much earlier. Especially since the vulnerability has been there for some 6 years or so. So I checked popcorn and it is not really used much. I know we cannot trust popcorn that much but there were just some 80 installations reported in total.
So I think we should probably mark lua-cgi as unsupported instead of fixing the vulnerabilities. Any other opinion? Who usually handles this?

Best regards

// Ola

--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  [email protected]                   [email protected]            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
