2 matches found
GO-2020-0049 Improper input validation in github.com/justinas/nosurf
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user-supplied token to be considered valid...
QRadar Community Edition 7.3.1.6 Path Traversal Vulnerability
QRadar Community Edition version 7.3.1.6 has a path traversal vulnerability in the session validation functionality, specifically in the part that handles session token UUIDs. QRadar fails to validate whether the user-supplied token is in the correct format. Using path...