reports/GO-2020-0049.yaml - vulndb - Git at Google

 module: github.com/justinas/nosurf
 versions:
   - fixed: v1.1.1
 description: |
     Due to improper validation of caller input, validation is silently disabled
     if the provided expected token is malformed, causing any user supplied token
     to be considered valid.
 credit: '@aeneasr'
 symbols:
   - VerifyToken
   - verifyToken
 derived_symbols:
   - CSRFHandler.ServeHTTP
 links:
     pr: https://github.com/justinas/nosurf/pull/60
     commit: https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
	module: github.com/justinas/nosurf
	versions:
	- fixed: v1.1.1
	description: \|
	Due to improper validation of caller input, validation is silently disabled
	if the provided expected token is malformed, causing any user supplied token
	to be considered valid.
	credit: '@aeneasr'
	symbols:
	- VerifyToken
	- verifyToken
	derived_symbols:
	- CSRFHandler.ServeHTTP
	links:
	pr: https://github.com/justinas/nosurf/pull/60
	commit: https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314