github.com/go-macaron/csrf is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability exists because the Generate function in csrf.go does not set secure mode for the CSRF cookie: the value is hardcoded to false for the corresponding arguments of SetCookie(). This allows an attacker to bypass CSRF protection through the CSRF cookie.
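The check below is an added example, not code from go-macaron/csrf: it uses only Go's standard net/http package to show a CSRF cookie issued with the secure flag fixed to false next to one issued with it enabled, and a response audit that reports cookies missing the Secure attribute. The cookie name, token value, host and function names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// csrfCookieName is a constructed cookie name for this example.
const csrfCookieName = "_csrf"

// csrfHandler issues a CSRF token cookie. The secure parameter stands in for
// the SetCookie() argument that the advisory says is hardcoded to false.
func csrfHandler(secure bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{
			Name:   csrfCookieName,
			Value:  "constructed-token", // constructed sample value
			Path:   "/",
			Secure: secure,
		})
		w.WriteHeader(http.StatusOK)
	})
}

// audit sends one constructed HTTPS request through h and returns the names
// of all cookies in the response that lack the Secure attribute.
func audit(h http.Handler) []string {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "https://example.test/", nil)
	h.ServeHTTP(rec, req)

	var missing []string
	for _, c := range rec.Result().Cookies() {
		if !c.Secure {
			missing = append(missing, c.Name)
		}
	}
	return missing
}

func main() {
	fmt.Println("secure=false, cookies without Secure:", audit(csrfHandler(false)))
	fmt.Println("secure=true,  cookies without Secure:", audit(csrfHandler(true)))
}
```

The same audit function can be pointed at any http.Handler in a test suite to fail the build when the CSRF cookie is emitted without Secure.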