Lucene search
GoCVELIST:CVE-2020-36564HistoryDec 27, 2022 - 9:13 p.m.
CVE-2020-36564 Improper input validation in github.com/justinas/nosurf
2022-12-2721:13:31
Go
www.cve.org
3
input validation
github
nosurf
cve-2020-36564
caller input
EPSS
0.001
Percentile
31.6%
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
CNA Affected
[
{
"vendor": "github.com/justinas/nosurf",
"product": "github.com/justinas/nosurf",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/justinas/nosurf",
"versions": [
{
"version": "0",
"lessThan": "1.1.1",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "VerifyToken"
},
{
"name": "verifyToken"
},
{
"name": "CSRFHandler.ServeHTTP"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
Improper input validation in github.com/justinas/nosurf
2021-04-14 20:04:52
CVE-2020-36564
2022-12-27 22:15:11
nosurf vulnerable to improper input validation
2022-12-28 00:30:23
nvd
nvd
CVE-2020-36564
2022-12-27 22:15:11
prion
prion
Input validation
2022-12-27 22:15:00
veracode
veracode
Improper Access Control
2023-01-19 07:41:08
github
github
nosurf vulnerable to improper input validation
2022-12-28 00:30:23
cve
cve
CVE-2020-36564
2022-12-27 22:15:11