Vulnerability Report: GO-2020-0045

CVE-2016-15005, GHSA-q9qr-jwpw-3qvv
Affects: github.com/dinever/golf
Published: Apr 14, 2021
Modified: May 20, 2024

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

Affected Packages

Path

Go Versions

Symbols
github.com/dinever/golf

before v0.3.0
- Context.Render
- Context.RenderFromString

Aliases

CVE-2016-15005
GHSA-q9qr-jwpw-3qvv

References

https://github.com/dinever/golf/pull/24
https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
https://github.com/dinever/golf/issues/20
https://vuln.go.dev/ID/GO-2020-0045.json

Credits

@elithrar

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL