CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/dinever/golf(Go) | 0 | 0.3.0 | N/A |
CVSS Metrics
