github.com/justinas/nosurf is vulnerable to Improper Access Control. The vulnerability exists in the verification of token functions in token.go
due to improper input validation which allows an attacker to provide arbitrary tokens which are marked as valid.