Hi fellow LTS members
Today (as part of front desk work) I triaged lua-cgi and I thought that the session id vulnerabilities were rather basic and severe. So I thought that if it is a really used software it would have been found much earlier. Especially since the vulnerability have been there for some 6 years or so.
So I checked popcorn and it is not really used much. I know we cannot trust popcorn that much but there were just some 80 installations reported in total.
So I think we should probably mark lua-cgi as unsupported instead of fixing the vulnerabilities.
Any other opinion?
Who usually handle this?
Best regards
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
---------------------------------------------------------------