CVE-2018-25060

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-25060
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25060.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-25060
Aliases
Related
Published
2022-12-30T12:15:09Z
Modified
2025-01-08T10:19:45.949766Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.

References

Affected packages

Debian:11 / golang-github-go-macaron-csrf

Package

Name
golang-github-go-macaron-csrf
Purl
pkg:deb/debian/golang-github-go-macaron-csrf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20170207.0.428b7c6-5
0.0~git20170207.0.428b7c6-6

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/go-macaron/csrf

Affected ranges

Type
GIT
Repo
https://github.com/go-macaron/csrf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
dadd1711a617000b70e5e408a76531b73187031c
Fixed
dadd1711a617000b70e5e408a76531b73187031c