CVE-2020-36564

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36564

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36564.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36564

Aliases

Published

2022-12-27T22:15:11.673Z

Modified

2025-11-20T11:27:20.776214Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

References

Affected packages

Git / github.com/justinas/nosurf

Affected ranges

Type: GIT
Repo: https://github.com/justinas/nosurf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4d86df7a4affa1fa50ab39fb09aac56c3ce9c314

Affected versions

v1.*

v1.0.0

v1.1.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36564.json"