Go modules package
github.com/justinas/nosurf
pkg:golang/github.com/justinas/nosurf
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46721 | — | | | < 1.2.0 | 1.2.0 | May 13, 2025 | nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue req |
| CVE-2020-36564 | — | | | < 1.1.1 | 1.1.1 | Dec 27, 2022 | Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. |