github.com/astaxie/beego
Go
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/astaxie/beego (page 1 of 1)
- CVE-2019-16354 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 1.12.2 | 2019-09-16
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
- CVE-2019-16355 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.12.2 | 2019-09-16
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
- CVE-2021-30080 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-04-05
An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
- CVE-2022-31259 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-05-21
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p…
- CVE-2022-31836 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-07-05
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.