Vulnerability CVE-2020-36569


Published: 2022-12-27

Description:
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.

 References:
https://pkg.go.dev/vuln/GO-2020-0004
https://github.com/nanobox-io/golang-nanoauth/pull/5
https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3

Copyright 2026, cxsecurity.com

 

Back to Top