{"id":"GO-2023-2386","summary":"Captcha verification bypass in github.com/mojocn/base64Captcha","details":"When using the default implementation of Verify to check a Captcha, verification can be bypassed.\n\nFor example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.","aliases":["CVE-2023-45292","GHSA-5mmw-p5qv-w3x5"],"modified":"2026-03-17T04:49:05.120889Z","published":"2023-12-08T20:11:50Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-2386","review_status":"REVIEWED"},"references":[{"type":"REPORT","url":"https://github.com/mojocn/base64Captcha/issues/120"},{"type":"FIX","url":"https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"},{"type":"FIX","url":"https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"}],"affected":[{"package":{"name":"github.com/mojocn/base64Captcha","ecosystem":"Go","purl":"pkg:golang/github.com/mojocn/base64Captcha"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.6"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/mojocn/base64Captcha","symbols":["memoryStore.Verify"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2386.json"}}],"schema_version":"1.7.5","credits":[{"name":"@cangkuai"}]}