exploitDog

CVE-2020-36564

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

Ссылки

https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
Patch
Third Party Advisory
https://github.com/justinas/nosurf/pull/60
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0049
Third Party Advisory
https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
Patch
Third Party Advisory
https://github.com/justinas/nosurf/pull/60
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0049
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nosurf_project:nosurf:*:*:*:*:*:go:*:*

Версия до 1.1.1 (исключая)

EPSS

Процентиль: 54%

0.00308

Низкий

7.5 High

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-5x84-q523-vvwr

CVSS3: 7.5

github

около 3 лет назад

nosurf vulnerable to improper input validation

EPSS

Процентиль: 54%

0.00308

Низкий

7.5 High

CVSS3

Дефекты

CWE-20