CVE-2016-15005 Information

Description

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections with relatively few requests.
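The weakness described above, as an added example that is not code from the affected project or the advisory: a token built from math/rand is a pure function of the generator's seed, while one drawn from crypto/rand is not. The names `weakToken`, `secureToken`, `tokensEqual`, `alphabet` and the seed value are hypothetical and chosen for illustration.

```go
package main

import (
	crand "crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

// alphabet is a hypothetical token character set used only for this example.
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// weakToken shows the flawed pattern: every character comes from math/rand,
// so the whole token is fully determined by the seed.
func weakToken(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// secureToken draws n bytes from the operating system CSPRNG via crypto/rand.
func secureToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := crand.Read(b); err != nil {
		return "", err // fail closed: never fall back to a weaker source
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// tokensEqual compares a submitted token with the expected one in constant time.
func tokensEqual(submitted, expected string) bool {
	return subtle.ConstantTimeCompare([]byte(submitted), []byte(expected)) == 1
}

func main() {
	const seed = 42 // constructed seed value for the demonstration
	same := weakToken(seed, 32) == weakToken(seed, 32)
	fmt.Println("math/rand tokens identical for the same seed:", same)

	s1, _ := secureToken(32)
	s2, _ := secureToken(32)
	fmt.Println("crypto/rand tokens identical:", tokensEqual(s1, s2))
}
```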

Reference

https://pkg.go.dev/vuln/GO-2020-0045
https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
https://github.com/dinever/golf/pull/24
https://github.com/dinever/golf/issues/20
