Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2016-07-22"
},
{
"last_affected": "2020-01-31"
}
],
"source": "CPE_RANGE",
"vendor_product": "digitalocean:golang-nanoauth",
"cpes": [
"cpe:2.3:a:digitalocean:golang-nanoauth:*:*:*:*:*:go:*:*"
]
}
]
}