{"id":"GO-2022-1213","summary":"Insecure generation of cookies in github.com/go-macaron/csrf","details":"The Options.Secure value is ignored, and cookies created by Generate never have the secure attribute.","aliases":["CVE-2018-25060","GHSA-hhxg-px5h-jc32"],"modified":"2026-03-17T04:29:22.278221Z","published":"2023-01-03T23:05:24Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-1213","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/go-macaron/csrf/pull/7"},{"type":"FIX","url":"https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c"}],"affected":[{"package":{"name":"github.com/go-macaron/csrf","ecosystem":"Go","purl":"pkg:golang/github.com/go-macaron/csrf"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20180426211050-dadd1711a617"}]}],"ecosystem_specific":{"imports":[{"symbols":["Generate"],"path":"github.com/go-macaron/csrf"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-1213.json"}}],"schema_version":"1.7.5"}