Vulnerability Details CVE-2023-45292
When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.2%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7
- https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13
- https://github.com/mojocn/base64Captcha/issues/120
- https://pkg.go.dev/vuln/GO-2023-2386
- https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7
- https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13
- https://github.com/mojocn/base64Captcha/issues/120
- https://pkg.go.dev/vuln/GO-2023-2386
Products affected by CVE-2023-45292
-
cpe:2.3:a:mojotv:base64captcha:-
-
cpe:2.3:a:mojotv:base64captcha:1.2.2
-
cpe:2.3:a:mojotv:base64captcha:1.3.0
-
cpe:2.3:a:mojotv:base64captcha:1.3.1
-
cpe:2.3:a:mojotv:base64captcha:1.3.2
-
cpe:2.3:a:mojotv:base64captcha:1.3.3
-
cpe:2.3:a:mojotv:base64captcha:1.3.4
-
cpe:2.3:a:mojotv:base64captcha:1.3.5