blob: 37a3af8d87e1e97b39a084529a3cca0f7c545afa [file] [log] [blame]
module: github.com/dinever/golf
versions:
- fixed: v0.3.0
description: |
CSRF tokens are generated using math/rand, which is not a cryptographically secure
rander number generation, making predicting their values relatively trivial and
allowing an attacker to bypass CSRF protections which relatively few requests.
credit: '@elithrar'
symbols:
- randomBytes
derived_symbols:
- Context.Render
- Context.RenderFromString
links:
pr: https://github.com/dinever/golf/pull/24
commit: https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
context:
- https://github.com/dinever/golf/issues/20