Headline

GHSA-q9qr-jwpw-3qvv: Golf may allow attacker to bypass CSRF protections

CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.

2 years ago

ghsa

Open in Source

#csrf #git

Golf may allow attacker to bypass CSRF protections

Moderate severity GitHub Reviewed Published Dec 28, 2022 • Updated Dec 30, 2022

2 years ago

CVE

Open in Source

#csrf

ghsa: Latest News

GHSA-9jxq-5x44-gx23: Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0

1 day ago

ghsa

GHSA-rmvr-2pp2-xj38: @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

1 day ago

ghsa

GHSA-xx4v-prfh-6cgc: @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

1 day ago

ghsa

GHSA-h5c3-5r3r-rr8q: @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

1 day ago

ghsa

GHSA-x4c5-c7rf-jjgv: @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

1 day ago

ghsa

Headline

GHSA-q9qr-jwpw-3qvv: Golf may allow attacker to bypass CSRF protections

Related news

ghsa: Latest News