The `gorilla/sessions` directory traversal and file (over)write is now being tracked as GO-2024-2730: go-review.googlesource.com/c/v

This issue was (co)-discovered as part of watchTowr's analysis of the Palo Alto Networks RCE (), but is entirely separate, and affects a wide range of Go-based web services.

github.com/golang/vulndb/issue

If you use gorilla/sessions with the FilesystemStore, please switch to the CookieStore instead until a patch is available.