x/vulndb: potential Go vuln in github.com/nanobox-io/golang-nanoauth: GHSA-hrm3-3xm6-x33h

In GitHub Security Advisory [GHSA-hrm3-3xm6-x33h](https://github.com/advisories/GHSA-hrm3-3xm6-x33h), there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| - | - | - |
| [github.com/nanobox-io/golang-nanoauth](https://pkg.go.dev/github.com/nanobox-io/golang-nanoauth) |  | >= 0.0.0-20160722212129-ac0cc4484ad4, < 0.0.0-20200131131040-063a3fb69896 |

Cross references:
- CVE-2020-36569 appears in issue #4


See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
modules:
  - module: TODO
    versions:
      - introduced: TODO (earliest fixed "", vuln range ">= 0.0.0-20160722212129-ac0cc4484ad4,
            < 0.0.0-20200131131040-063a3fb69896")
    packages:
      - package: github.com/nanobox-io/golang-nanoauth
description: Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth
    between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896
    if ListenAndServe is called with an empty token.
cves:
  - CVE-2020-36569
ghsas:
  - GHSA-hrm3-3xm6-x33h

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/nanobox-io/golang-nanoauth: GHSA-hrm3-3xm6-x33h #1227

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/nanobox-io/golang-nanoauth: GHSA-hrm3-3xm6-x33h #1227

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions