CVE-2018-25060

描述

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.

如何修補 CVE-2018-25060

要修補 CVE-2018-25060,請將受影響套件升級到下列已修補版本。

• —未列出修補版本
• —升級至 0.0.0-20180426211050-dadd1711a617 或更新版本
• —升級至 0.0.0-20180426211050-dadd1711a617 或更新版本

CVE-2018-25060 正在被利用嗎?

低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。

受影響套件(3)

• from 0
• from 0, < 0.0.0-20180426211050-dadd1711a617
• from 0, < 0.0.0-20180426211050-dadd1711a617

CVSS 分數

參考連結(8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-25060
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-25060
• PATCHgithub.com/go-macaron/csrf
• WEBgithub.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
• WEB