CVE-2020-36564
Severity: HIGH (CVSS 7.5)
WAF coverage: Medium
Published: 2022-12-27
CWE-20
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user-supplied token to be considered valid.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
- 920xxx - Protocol Enforcement
- 941xxx - XSS / XXE
- 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nosurf_project | nosurf | up to 1.1.1 |
References
- github.com (Patch, Third Party Advisory)
- github.com (Patch, Third Party Advisory)
- pkg.go.dev (Third Party Advisory)