VYPR
Critical severityNVD Advisory· Published Dec 27, 2022· Updated Apr 11, 2025

Authentication bypass in github.com/nanobox-io/golang-nanoauth

CVE-2020-36569

Description

Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/nanobox-io/golang-nanoauthGo
>= 0.0.0-20160722212129-ac0cc4484ad4, < 0.0.0-20200131131040-063a3fb698960.0.0-20200131131040-063a3fb69896

Affected products

2
  • ghsa-coords
    Range: >= 0.0.0-20160722212129-ac0cc4484ad4, < 0.0.0-20200131131040-063a3fb69896
  • github.com/nanobox-io/golang-nanoauth/github.com/nanobox-io/golang-nanoauthv5
    Range: 0.0.0-20160722212129-ac0cc4484ad4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.