89 matches found
gopkg.in/macaron.v1 Open Redirect vulnerability
macaron before 1.3.7 has an open redirect in the static handler. Due to improper request santization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
GHSA-733F-44F3-3FRW gopkg.in/macaron.v1 Open Redirect vulnerability
macaron before 1.3.7 has an open redirect in the static handler. Due to improper request santization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
Fedora: Security Advisory for golang-gopkg-macaron-1 (FEDORA-2020-66e6e8d027)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : golang-gopkg-macaron-1 (2020-66e6e8d027)
Update to 1.4.0 Security fix for CVE-2020-12666 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
[SECURITY] Fedora 32 Update: golang-gopkg-macaron-1-1.4.0-1.fc32
Package Macaron is a high productive and modular web framework in Go...
RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3369 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
macaron: open redirect in the static handler
A flaw was found in macaron. Path URLs aren't cleaned before being redirected creating an open redirect in the static handler...
CVE-2020-12666
A flaw was found in macaron. Path URLs aren't cleaned before being redirected creating an open redirect in the static handler...
Open Redirection
github.com/go-macaron/macaron is vulnerable to open redirection. Lack of validation of the path URL allows a remote attacker to redirect users to a malicious site to steal user credentials...
macaron input validation error vulnerability
macaron is a modular Web framework based on the Go language . An input validation error vulnerability exists in the static handler in versions prior to macaron 1.3.7. The vulnerability stems from a web system or product that does not properly validate input data. No detailed vulnerability details...
CVE-2020-12666
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...
CVE-2020-12666
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...
Open redirect
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...
CVE-2020-12666
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...
CVE-2020-12666
CVE-2020-12666 is an open redirect in the macaron web framework (gopkg.in/macaron.v1) — specifically in the static handler. The root cause is improper request sanitization, allowing a crafted URL to redirect to an attacker-chosen URL. Remediation documented across sources: upgrade to macaron 1.3....
PT-2020-13193 · Macaron · Macaron
Name of the Vulnerable Software and Affected Versions: macaron versions prior to 1.3.7 Description: The issue is related to an open redirect in the static handler due to improper request sanitization. This allows a specifically crafted URL to cause the static file handler to redirect to an...
CVE-2018-18926
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...
CVE-2018-18926
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...
CVE-2018-18925
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...
CVE-2018-18925
Gogs 0.11.66 is vulnerable to remote code execution due to improper validation of session IDs, demonstrated by a ".." session-file forgery in the file.go session provider. The issue stems from session handling in the Macaron-based go-macaron/session code, allowing an attacker to map a crafted ses...