{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45292","assignerOrgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","state":"PUBLISHED","assignerShortName":"Go","dateReserved":"2023-10-06T17:06:26.221Z","datePublished":"2023-12-11T21:51:16.055Z","dateUpdated":"2024-08-02T20:21:15.289Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","shortName":"Go","dateUpdated":"2023-12-11T21:51:16.055Z"},"title":"Captcha verification bypass in github.com/mojocn/base64Captcha","descriptions":[{"lang":"en","value":"When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct."}],"affected":[{"vendor":"github.com/mojocn/base64Captcha","product":"github.com/mojocn/base64Captcha","collectionURL":"https://pkg.go.dev","packageName":"github.com/mojocn/base64Captcha","versions":[{"version":"0","lessThan":"1.3.6","status":"affected","versionType":"semver"}],"programRoutines":[{"name":"memoryStore.Verify"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-305: Authentication Bypass by Primary Weakness"}]}],"references":[{"url":"https://github.com/mojocn/base64Captcha/issues/120"},{"url":"https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13"},{"url":"https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7"},{"url":"https://pkg.go.dev/vuln/GO-2023-2386"}],"credits":[{"lang":"en","value":"@cangkuai"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:21:15.289Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/mojocn/base64Captcha/issues/120","tags":["x_transferred"]},{"url":"https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13","tags":["x_transferred"]},{"url":"https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7","tags":["x_transferred"]},{"url":"https://pkg.go.dev/vuln/GO-2023-2386","tags":["x_transferred"]}]}]}}