CVE-2020-36564

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
GoCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
nosurf_projectnosurf
𝑥
< 1.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
https://github.com/justinas/nosurf/pull/60
https://pkg.go.dev/vuln/GO-2020-0049
https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
https://github.com/justinas/nosurf/pull/60
https://pkg.go.dev/vuln/GO-2020-0049