CVE-2020-36564 Information

Description

Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user-supplied token to be considered valid.

Reference

https://pkg.go.dev/vuln/GO-2020-0049
https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314
https://github.com/justinas/nosurf/pull/60
