{"id":"CVE-2020-36564","details":"Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.","aliases":["GHSA-5x84-q523-vvwr","GO-2020-0049"],"modified":"2026-05-30T15:30:12.798949Z","published":"2022-12-27T22:15:11.673Z","references":[{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2020-0049"},{"type":"FIX","url":"https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314"},{"type":"FIX","url":"https://github.com/justinas/nosurf/pull/60"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/justinas/nosurf","events":[{"introduced":"0"},{"fixed":"4d86df7a4affa1fa50ab39fb09aac56c3ce9c314"}],"database_specific":{"cpe":"cpe:2.3:a:nosurf_project:nosurf:*:*:*:*:*:go:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.1.1"}],"source":["CPE_RANGE","REFERENCES"]}}],"versions":["v1.1.0","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36564.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}