Critical severityNVD Advisory· Published Dec 27, 2022· Updated Apr 11, 2025
Authentication bypass in github.com/nanobox-io/golang-nanoauth
CVE-2020-36569
Description
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/nanobox-io/golang-nanoauthGo | >= 0.0.0-20160722212129-ac0cc4484ad4, < 0.0.0-20200131131040-063a3fb69896 | 0.0.0-20200131131040-063a3fb69896 |
Affected products
2- ghsa-coordsRange: >= 0.0.0-20160722212129-ac0cc4484ad4, < 0.0.0-20200131131040-063a3fb69896
- github.com/nanobox-io/golang-nanoauth/github.com/nanobox-io/golang-nanoauthv5Range: 0.0.0-20160722212129-ac0cc4484ad4
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.