GHSA-5x84-q523-vvwr

Suggest an improvement
Source
https://github.com/advisories/GHSA-5x84-q523-vvwr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-5x84-q523-vvwr/GHSA-5x84-q523-vvwr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5x84-q523-vvwr
Aliases
Published
2022-12-28T00:30:23Z
Modified
2023-11-08T04:03:47.666515Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
nosurf vulnerable to improper input validation
Details

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

Database specific 
{
    "nvd_published_at": "2022-12-27T22:15:00Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T19:06:40Z"
}
References

Affected packages

Go / github.com/justinas/nosurf

Package

Name
github.com/justinas/nosurf
View open source insights on deps.dev
Purl
pkg:golang/github.com/justinas/nosurf

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1