CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.
{ "url": "https://pkg.go.dev/vuln/GO-2020-0045", "review_status": "REVIEWED" }