blob: 70ff335fedc8cd7c24bbd7453664cf28c91cec7a [file] [log] [blame]
module: github.com/dinever/golf
versions:
- fixed: v0.3.0
description: |
CSRF tokens are generated using math/rand, which is not a cryptographically secure
rander number generation, making predicting their values relatively trivial and
allowing an attacker to bypass CSRF protections which relatively few requests.
published: 2021-04-14T20:04:52Z
credit: '@elithrar'
symbols:
- randomBytes
derived_symbols:
- Context.Render
- Context.RenderFromString
links:
pr: https://github.com/dinever/golf/pull/24
commit: https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
context:
- https://github.com/dinever/golf/issues/20