Lucene search
K

89 matches found

Github Security Blog
Github Security Blog
added 2021/05/18 9:8 p.m.56 views

gopkg.in/macaron.v1 Open Redirect vulnerability

macaron before 1.3.7 has an open redirect in the static handler. Due to improper request santization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...

6.1CVSS6AI score0.01375EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2021/05/18 9:8 p.m.26 views

GHSA-733F-44F3-3FRW gopkg.in/macaron.v1 Open Redirect vulnerability

macaron before 1.3.7 has an open redirect in the static handler. Due to improper request santization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...

6.1CVSS6.1AI score0.01375EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2021/01/11 12:0 a.m.22 views

Fedora: Security Advisory for golang-gopkg-macaron-1 (FEDORA-2020-66e6e8d027)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS7.1AI score0.01375EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/01/04 12:0 a.m.30 views

Fedora 32 : golang-gopkg-macaron-1 (2020-66e6e8d027)

Update to 1.4.0 Security fix for CVE-2020-12666 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

6.1CVSS6.1AI score0.01375EPSS
Exploits1References2
Fedora
Fedora
added 2021/01/01 1:25 a.m.95 views

[SECURITY] Fedora 32 Update: golang-gopkg-macaron-1-1.4.0-1.fc32

Package Macaron is a high productive and modular web framework in Go...

6.1CVSS1.5AI score0.01375EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/08/07 12:0 a.m.53 views

RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3369 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

7.5CVSS7.1AI score0.8383EPSS
Exploits14References13
RedHat Linux
RedHat Linux
added 2020/08/06 8:19 p.m.10 views

macaron: open redirect in the static handler

A flaw was found in macaron. Path URLs aren't cleaned before being redirected creating an open redirect in the static handler...

6.1CVSS5.7AI score0.01375EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2020/06/23 12:56 p.m.25 views

CVE-2020-12666

A flaw was found in macaron. Path URLs aren't cleaned before being redirected creating an open redirect in the static handler...

5.8CVSS1.2AI score0.01375EPSS
Exploits1References3
Veracode
Veracode
added 2020/05/08 6:12 a.m.16 views

Open Redirection

github.com/go-macaron/macaron is vulnerable to open redirection. Lack of validation of the path URL allows a remote attacker to redirect users to a malicious site to steal user credentials...

6.1CVSS5.1AI score0.01375EPSS
Exploits1References6Affected Software8
CNVD
CNVD
added 2020/05/06 12:0 a.m.2 views

macaron input validation error vulnerability

macaron is a modular Web framework based on the Go language . An input validation error vulnerability exists in the static handler in versions prior to macaron 1.3.7. The vulnerability stems from a web system or product that does not properly validate input data. No detailed vulnerability details...

6.1CVSS6.9AI score0.01375EPSS
Exploits1References1
NVD
NVD
added 2020/05/05 10:15 p.m.28 views

CVE-2020-12666

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...

6.1CVSS6.5AI score0.01375EPSS
Exploits1References3
OSV
OSV
added 2020/05/05 10:15 p.m.23 views

CVE-2020-12666

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...

6.1CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2020/05/05 10:15 p.m.17 views

Open redirect

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...

5.8CVSS6.3AI score0.01375EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2020/05/05 9:6 p.m.39 views

CVE-2020-12666

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL...

6.3AI score0.01375EPSS
Exploits1References3
CVE
CVE
added 2020/05/05 9:6 p.m.188 views

CVE-2020-12666

CVE-2020-12666 is an open redirect in the macaron web framework (gopkg.in/macaron.v1) — specifically in the static handler. The root cause is improper request sanitization, allowing a crafted URL to redirect to an attacker-chosen URL. Remediation documented across sources: upgrade to macaron 1.3....

6.1CVSS6AI score0.01375EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/05 12:0 a.m.4 views

PT-2020-13193 · Macaron · Macaron

Name of the Vulnerable Software and Affected Versions: macaron versions prior to 1.3.7 Description: The issue is related to an open redirect in the static handler due to improper request sanitization. This allows a specifically crafted URL to cause the static file handler to redirect to an...

6.1CVSS5.9AI score0.01375EPSS
Exploits1References15
UbuntuCve
UbuntuCve
added 2018/11/04 6:29 a.m.21 views

CVE-2018-18926

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...

9.8CVSS7.8AI score0.03041EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/11/04 6:0 a.m.19 views

CVE-2018-18926

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...

9.8AI score0.03041EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/11/04 6:0 a.m.23 views

CVE-2018-18925

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...

8.9AI score0.31882EPSS
Exploits2References1
CVE
CVE
added 2018/11/04 6:0 a.m.161 views

CVE-2018-18925

Gogs 0.11.66 is vulnerable to remote code execution due to improper validation of session IDs, demonstrated by a ".." session-file forgery in the file.go session provider. The issue stems from session handling in the Macaron-based go-macaron/session code, allowing an attacker to map a crafted ses...

9.8CVSS8.8AI score0.31882EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder