CVE-2020-36569 Information

Description

Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.

Reference

https://pkg.go.dev/vuln/GO-2020-0004 https://github.com/nanobox-io/golang-nanoauth/pull/5 https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3