Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38840
HistoryJan 12, 2023 - 2:18 a.m.

Cross-site Request Forgery (CSRF)

2023-01-1202:18:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
github.com/go-macaron/csrf
cross-site request forgery
csrf cookie
insecure handling

EPSS

0.001

Percentile

41.7%

JSON

github.com/go-macaron/csrf is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability exists because the Generate function in csrf.go does not set the secure mode for the CSRF cookie as the value is hardcoded to false for the corresponding arguments of SetCookie(), allowing an attacker to bypass CSRF protection through the CSRF cookie.

Related

cvelist 1
debiancve 1
prion 1
cve 1
osv 3
nvd 1
ubuntucve 1
github 1
cvelist
cvelist
CVE-2018-25060 Macaron csrf csrf.go missing secure attribute
2022-12-30 11:47:29
debiancve
debiancve
CVE-2018-25060
2022-12-30 12:15:09
prion
prion
Design/Logic Flaw
2022-12-30 12:15:00
cve
cve
CVE-2018-25060
2022-12-30 12:15:09
osv
osv
Insecure generation of cookies in github.com/go-macaron/csrf
2023-01-03 23:05:24
CVE-2018-25060
2022-12-30 12:15:09
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
2022-12-30 12:30:25
nvd
nvd
CVE-2018-25060
2022-12-30 12:15:09
ubuntucve
ubuntucve
CVE-2018-25060
2022-12-30 00:00:00
github
github
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
2022-12-30 12:30:25

EPSS

0.001

Percentile

41.7%

JSON
Related for VERACODE:38840
cvelist1debiancve1prion1cve1osv3nvd1ubuntucve1github1