14 matches found
EUVD-2022-7649
Malicious code in bioql PyPI...
CVE-2018-25060
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
Linux Distros Unpatched Vulnerability : CVE-2018-25060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The...
Cross-site Request Forgery (CSRF)
github.com/go-macaron/csrf is vulnerable to Cross-site Request Forgery CSRF. The vulnerability exists because the Generate function in csrf.go does not set the secure mode for the CSRF cookie as the value is hardcoded to false for the corresponding arguments of SetCookie, allowing an attacker to...
GO-2022-1213 Insecure generation of cookies in github.com/go-macaron/csrf
The Options.Secure value is ignored, and cookies created by Generate never have the secure attribute...
GHSA-HHXG-PX5H-JC32 Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the pat...
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the pat...
CVE-2018-25060
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
CVE-2018-25060
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
Design/Logic Flaw
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
CVE-2018-25060
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
CVE-2018-25060
CVE-2018-25060 affects the Macaron csrf component (go-macaron/csrf) via the csrf.go Generate path. Affects cookies created by Generate: the Secure attribute is not applied, allowing cookies to be sent over non-SSL connections. The vulnerability can be exploited remotely; the attack complexity is ...
CVE-2018-25060
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
CVE-2018-25060 Macaron csrf csrf.go missing secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...