CVE-2020-36564

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-36564
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36564.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-36564
Aliases
Published
2022-12-27T22:15:11.673Z
Modified
2026-05-30T15:30:12.798949Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

References

Affected packages

Git / github.com/justinas/nosurf

Affected ranges

Type
GIT
Repo
https://github.com/justinas/nosurf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
Database specific 
{
    "cpe": "cpe:2.3:a:nosurf_project:nosurf:*:*:*:*:*:go:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.1"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

v1.*
v1.0.0
v1.1.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36564.json"