data/reports/GO-2022-1213.yaml - vulndb - Git at Google

 id: GO-2022-1213
 modules:
     - module: github.com/go-macaron/csrf
       versions:
         - fixed: 0.0.0-20180426211050-dadd1711a617
       vulnerable_at: 0.0.0-20170207230724-428b7c62d7d0
       packages:
         - package: github.com/go-macaron/csrf
           symbols:
             - Generate
           skip_fix: 'TODO: revisit this reason (cannot find module providing package github.com/Unknwon/com)'
 summary: Insecure generation of cookies in github.com/go-macaron/csrf
 description: |-
     The Options.Secure value is ignored, and cookies created by Generate never have
     the secure attribute.
 cves:
     - CVE-2018-25060
 ghsas:
     - GHSA-hhxg-px5h-jc32
 references:
     - fix: https://github.com/go-macaron/csrf/pull/7
     - fix: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
	id: GO-2022-1213
	modules:
	- module: github.com/go-macaron/csrf
	versions:
	- fixed: 0.0.0-20180426211050-dadd1711a617
	vulnerable_at: 0.0.0-20170207230724-428b7c62d7d0
	packages:
	- package: github.com/go-macaron/csrf
	symbols:
	- Generate
	skip_fix: 'TODO: revisit this reason (cannot find module providing package github.com/Unknwon/com)'
	summary: Insecure generation of cookies in github.com/go-macaron/csrf
	description: \|-
	The Options.Secure value is ignored, and cookies created by Generate never have
	the secure attribute.
	cves:
	- CVE-2018-25060
	ghsas:
	- GHSA-hhxg-px5h-jc32
	references:
	- fix: https://github.com/go-macaron/csrf/pull/7
	- fix: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c