A vulnerability in the session library that ships with CGILua since version 5.0 beta may allow remote attackers to easily and quickly guess valid session IDs generated by a Lua web application and perform session hijacking.
d47d6ee8b23d4dfc00517ad05df39563c3ec959859f6a90ece46d4098f19ee5c