github.com/beego/beego/v2
Go
9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/beego/beego/v2 (page 1 of 1)
- CVE-2021-27116 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.0.2 | 2022-04-05
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, which allows attackers to launch symlink attacks locally.
- CVE-2021-27117 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.0.2 | 2022-04-05
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, which allows attackers to launch symlink attacks locally.
- CVE-2021-30080 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.0.3 | 2022-04-05
An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
- CVE-2021-39391 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.0.2 | 2021-09-14
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
- CVE-2022-31259 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.0.3 | 2022-05-21
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p…
- CVE-2022-31836 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.0.4 | 2022-07-05
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values, which can lead to cross directory risk.
- CVE-2024-40464 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.2.1 | 2024-07-31
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in the beego/core/logs/smtp.go file.
- CVE-2024-40465 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.2.1 | 2024-07-31
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in the file.go file.
- CVE-2024-55885 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.3.4 | 2024-12-12
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision …