CVE-2020-36564

Improper input validation in github.com/justinas/nosurf

CVSS 7.5 HIGHEPSS 0.7%

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

github.com/justinas/nosurf · github.com/justinas/nosurf

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314 https://github.com/justinas/nosurf/pull/60 https://pkg.go.dev/vuln/GO-2020-0049