CVE-2016-15005: GO-2020-0045 - Go Packages

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections with relatively few requests.
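
The weakness described above, shown beside a hardened generator. This is an added example, not code from the affected package; the function names and the 32-byte token length are assumptions made for illustration.

```go
package main

import (
	crand "crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

const tokenLen = 32 // assumed length; the advisory does not state one

// weakToken mirrors the flawed pattern: every byte comes from math/rand,
// so the whole token is a pure function of the generator's seed and state.
func weakToken(r *mrand.Rand) string {
	b := make([]byte, tokenLen)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// secureToken draws from the OS CSPRNG via crypto/rand and fails closed:
// on error the caller gets no token rather than a weak one.
func secureToken() (string, error) {
	b := make([]byte, tokenLen)
	if _, err := crand.Read(b); err != nil {
		return "", fmt.Errorf("csrf token: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// tokensEqual compares a submitted token with the expected one in constant time.
func tokensEqual(got, want string) bool {
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1
}

// weakRepeats reports whether two math/rand generators built from the same
// seed emit the same token (they always do, which is the defect).
func weakRepeats(seed int64) bool {
	a := weakToken(mrand.New(mrand.NewSource(seed)))
	b := weakToken(mrand.New(mrand.NewSource(seed)))
	return tokensEqual(a, b)
}

func main() {
	fmt.Println("math/rand, same seed, identical token:", weakRepeats(1))
	t1, _ := secureToken()
	t2, _ := secureToken()
	fmt.Println("crypto/rand tokens differ:", !tokensEqual(t1, t2))
}
```

When auditing a code base for this class of bug, any import of math/rand in a file that produces tokens, session identifiers or nonces is worth a review.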


Related news

GHSA-q9qr-jwpw-3qvv: Golf may allow attacker to bypass CSRF protections
