CVE-2016-15005

Cryptographically weak random number generation in github.com/dinever/golf

CVSS 8.8 HIGHEPSS 0.4%

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

github.com/dinever/golf · github.com/dinever/golf

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe https://github.com/dinever/golf/issues/20 https://github.com/dinever/golf/pull/24 https://pkg.go.dev/vuln/GO-2020-0045