@homakov discovered that the session cookie stored for Gist contained sensitive authentication data. We have addressed this issue by removing this data from the cookie and revoking all Gist authentication tokens that could have been exposed.

This vulnerability has received extra points due to its severity when combined with other reported vulnerabilities.