blob: ec2bae5f999d5b125820cdb080745eb26e659ff4 [file] [log] [blame]
module: github.com/justinas/nosurf
versions:
- fixed: v1.1.1
description: |
Due to improper validation of caller input, validation is silently disabled
if the provided expected token is malformed, causing any user supplied token
to be considered valid.
published: 2021-04-14T20:04:52Z
credit: '@aeneasr'
symbols:
- VerifyToken
- verifyToken
derived_symbols:
- CSRFHandler.ServeHTTP
links:
pr: https://github.com/justinas/nosurf/pull/60
commit: https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314