| id: GO-2022-1213 |
| modules: |
| - module: github.com/go-macaron/csrf |
| versions: |
| - fixed: 0.0.0-20180426211050-dadd1711a617 |
| vulnerable_at: 0.0.0-20170207230724-428b7c62d7d0 |
| packages: |
| - package: github.com/go-macaron/csrf |
| symbols: |
| - Generate |
| skip_fix: 'TODO: revisit this reason (cannot find module providing package github.com/Unknwon/com)' |
| summary: Insecure generation of cookies in github.com/go-macaron/csrf |
| description: |- |
| The Options.Secure value is ignored, and cookies created by Generate never have |
| the secure attribute. |
| cves: |
| - CVE-2018-25060 |
| ghsas: |
| - GHSA-hhxg-px5h-jc32 |
| references: |
| - fix: https://github.com/go-macaron/csrf/pull/7 |
| - fix: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c |
| review_status: REVIEWED |