data/reports/GO-2022-1213.yaml - vulndb - Git at Google

 modules:
   - module: github.com/go-macaron/csrf
     versions:
       - fixed: 0.0.0-20180426211050-dadd1711a617
     vulnerable_at: 0.0.0-20170207230724-428b7c62d7d0
     packages:
       - package: github.com/go-macaron/csrf
         symbols:
           - Generate
         skip_fix: 'TODO: revisit this reason (cannot find module providing package
             github.com/Unknwon/com)'
 description: |
     The Options.Secure value is ignored, and cookies created by Generate never
     have the secure attribute.
 cves:
   - CVE-2018-25060
 ghsas:
   - GHSA-hhxg-px5h-jc32
 references:
   - fix: https://github.com/go-macaron/csrf/pull/7
   - fix: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
	modules:
	- module: github.com/go-macaron/csrf
	versions:
	- fixed: 0.0.0-20180426211050-dadd1711a617
	vulnerable_at: 0.0.0-20170207230724-428b7c62d7d0
	packages:
	- package: github.com/go-macaron/csrf
	symbols:
	- Generate
	skip_fix: 'TODO: revisit this reason (cannot find module providing package
	github.com/Unknwon/com)'
	description: \|
	The Options.Secure value is ignored, and cookies created by Generate never
	have the secure attribute.
	cves:
	- CVE-2018-25060
	ghsas:
	- GHSA-hhxg-px5h-jc32
	references:
	- fix: https://github.com/go-macaron/csrf/pull/7
	- fix: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c