CVE-2020-36564

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36564

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36564.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36564

Aliases

GHSA-5x84-q523-vvwr
GO-2020-0049

Published

2022-12-27T22:15:11Z

Modified

2024-05-14T08:10:01.572460Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

References

https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
https://github.com/justinas/nosurf/pull/60
https://pkg.go.dev/vuln/GO-2020-0049

Affected packages

Git / github.com/justinas/nosurf

Affected ranges

Type: GIT
Repo: https://github.com/justinas/nosurf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4d86df7a4affa1fa50ab39fb09aac56c3ce9c314

Affected versions

v1.*

v1.0.0

v1.1.0