2 matches found
Cross-Site Request Forgery (CSRF)
github.com/gorilla/csrf is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to improper origin validation caused by relying on the r.URL.Scheme field to detect TLS, which is not set for server requests, allowing an attacker with XSS on a related domain to perform...
CVE-2025-24358
gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...