| module: github.com/dinever/golf |
| versions: |
| - fixed: v0.3.0 |
| description: | |
| CSRF tokens are generated using math/rand, which is not a cryptographically secure |
| rander number generation, making predicting their values relatively trivial and |
| allowing an attacker to bypass CSRF protections which relatively few requests. |
| published: 2021-04-14T12:00:00Z |
| credit: "@elithrar" |
| symbols: |
| - randomBytes |
| links: |
| pr: https://github.com/dinever/golf/pull/24 |
| commit: https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe |
| context: |
| - https://github.com/dinever/golf/issues/20 |