Cryptographically weak random number generation in github.com/dinever/golf
Details
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.