CVE-2020-36569
CRITICAL WAF: Low
CVSS 9.1
Published: 2022-12-27
CWE-287
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| digitalocean | golang-nanoauth | 2016-07-22 - 2020-01-31 |
References
- github.com (Patch, Third Party Advisory)
- github.com (Third Party Advisory)
- pkg.go.dev (Third Party Advisory)