CVE-2016-15005

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

Ссылки

https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
Patch
Third Party Advisory
https://github.com/dinever/golf/issues/20
Issue Tracking
Third Party Advisory
https://github.com/dinever/golf/pull/24
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0045
Third Party Advisory
https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
Patch
Third Party Advisory
https://github.com/dinever/golf/issues/20
Issue Tracking
Third Party Advisory
https://github.com/dinever/golf/pull/24
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0045
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:golf_project:golf:*:*:*:*:*:go:*:*

Версия до 0.3.0 (исключая)

EPSS

Процентиль: 42%

0.00199

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-q9qr-jwpw-3qvv