3 matches found
CVE-2025-24358 gorilla/csrf CSRF vulnerability due to broken Referer validation
gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes...
gorilla/csrf CSRF vulnerability due to broken Referer validation
Summary gorilla/csrf is vulnerable to CSRF via form submission from origins that share a top level domain with the target origin. Details gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it...
GHSA-RQ77-P4H8-4CRW gorilla/csrf CSRF vulnerability due to broken Referer validation
Summary gorilla/csrf is vulnerable to CSRF via form submission from origins that share a top level domain with the target origin. Details gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it...