CVE-2020-36564

Published December 27th, 2022

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

justinas/nosurf

CSRF protection middleware for Go.

GitHub

1.73K