When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
{ "nvd_published_at": "2023-12-11T22:15:06Z", "cwe_ids": [ "CWE-345", "CWE-670" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-12T18:09:52Z" }