CVE-2016-15005

Cryptographically weak random number generation in github.com/dinever/golf

CVSS 8.8 HIGHEPSS 0.4%

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Productos afectados

github.com/dinever/golf · github.com/dinever/golf

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe https://github.com/dinever/golf/issues/20 https://github.com/dinever/golf/pull/24 https://pkg.go.dev/vuln/GO-2020-0045