Source: golang-github-go-macaron-csrf X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerability was published for golang-github-go-macaron-csrf. CVE-2018-25060[0]: | A vulnerability was found in Macaron csrf and classified as | problematic. Affected by this issue is some unknown functionality of | the file csrf.go. The manipulation of the argument Generate leads to | sensitive cookie without secure attribute. The attack may be launched | remotely. The name of the patch is | dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a | patch to fix this issue. VDB-217058 is the identifier assigned to this | vulnerability. https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c https://github.com/go-macaron/csrf/pull/7 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-25060 https://www.cve.org/CVERecord?id=CVE-2018-25060 Please adjust the affected versions in the BTS as needed.
