An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-31
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file
CVSS Score
8.8
EPSS Score
0.002
Published
2024-07-31
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-07-05
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-21
An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-05
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-05
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-05
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
CVSS Score
4.7
EPSS Score
0.0
Published
2019-09-16
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-09-16