The `gorilla/sessions` directory traversal and file (over)write is now being tracked as GO-2024-2730:

This issue was (co)-discovered as part of watchTowr's analysis of the Palo Alto Networks RCE, but is entirely separate, and affects a wide range of Go-based web services.

If you use `gorilla/sessions` with the `FilesystemStore`, please switch to the `CookieStore` instead until a patch is available.
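
To check whether a code base uses the affected store, here is an added example (not part of the original post and not code from the gorilla project) that scans Go source for references to `NewFilesystemStore` from `github.com/gorilla/sessions`, including aliased imports. The function name `FindFilesystemStore` and the embedded sample are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// FindFilesystemStore returns the lines of one Go source file that reference
// gorilla/sessions' NewFilesystemStore, following import aliases (syntactic match).
func FindFilesystemStore(name, src string) ([]int, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, name, src, 0)
	if err != nil {
		return nil, err
	}
	local := map[string]bool{} // local names bound to the sessions package
	for _, imp := range file.Imports {
		if p, _ := strconv.Unquote(imp.Path.Value); p == "github.com/gorilla/sessions" {
			if imp.Name == nil {
				local["sessions"] = true
			} else {
				local[imp.Name.Name] = true
			}
		}
	}
	var lines []int
	ast.Inspect(file, func(n ast.Node) bool {
		sel, ok := n.(*ast.SelectorExpr)
		if ok && sel.Sel.Name == "NewFilesystemStore" {
			if id, isIdent := sel.X.(*ast.Ident); isIdent && local[id.Name] {
				lines = append(lines, fset.Position(sel.Pos()).Line)
			}
		}
		return true
	})
	return lines, nil
}
// Sample is constructed input: an aliased FilesystemStore next to a CookieStore.
const Sample = `package app
import gs "github.com/gorilla/sessions"
var a = gs.NewFilesystemStore("/var/lib/app/sessions", []byte("constructed-key"))
var b = gs.NewCookieStore([]byte("constructed-key"))
`
func main() {
	fmt.Println(FindFilesystemStore("sample.go", Sample))
}
```

Each reported line is a place to swap in `NewCookieStore`, as the post advises; the match is purely syntactic, so dot imports and stores created through wrapper packages need a manual look.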