Vulnerability Report: GO-2023-2386

CVE-2023-45292, GHSA-5mmw-p5qv-w3x5
Affects: github.com/mojocn/base64Captcha
Published: Dec 08, 2023
Modified: Dec 14, 2023

When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.

Affected Packages

Path

Versions

Symbols
github.com/mojocn/base64Captcha

before v1.3.6

all symbols

Aliases

CVE-2023-45292
GHSA-5mmw-p5qv-w3x5

References

https://github.com/mojocn/base64Captcha/issues/120
https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13
https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7
https://vuln.go.dev/ID/GO-2023-2386.json

Credits

@cangkuai

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL