VYPR

Go modules package

github.com/gorilla/csrf

pkg:golang/github.com/gorilla/csrf

Vulnerabilities (2)

  • CVE-2025-47909 High Aug 29, 2025
    affected <= 1.7.3

    Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com be

  • CVE-2025-24358MedApr 15, 2025
    affected < 1.7.3, fixed 1.7.3

    gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests onl