CVE-2024-55885
Published 2024-12-12
Priority: P3 | 42 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.34% (25.3th percentile)
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beego | beego | < 2.3.4 | 2.3.4 |
| github.com | beego_beego | 0 – 1.12.14 | — |
| github.com | beego_beego_v2 | >= 0 < 2.3.4 | 2.3.4 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
OSV
Beego has Collision Hazards of MD5 in Cache Key Filenames in github.com/beego/beego
osv·2024-12-18
CVE-2024-55885 Beego has Collision Hazards of MD5 in Cache Key Filenames in github.com/beego/beego
GHSA
Beego has Collision Hazards of MD5 in Cache Key Filenames
ghsa·2024-12-12
CVE-2024-55885 [MEDIUM] CWE-327 Beego has Collision Hazards of MD5 in Cache Key Filenames
In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks.
### Understanding Collisions
A collision in hashing occurs when two different inputs produce the same hash output. For MD5, this means that it is theoretically possible, and even practical, to find two distinct cache keys that result in the same MD5 hash. This vulnerability has been well-documented and exploited in various security contexts.
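The fix named above (SHA-256 instead of MD5 for cache filenames) combined with a read-side ownership check, as an added Go example that is not beego's own code. `FileCache`, `SHA256Name`, `ErrKeyMismatch` and the JSON on-disk layout are hypothetical; storing the full key in the file lets a read detect a filename collision instead of returning another key's value.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// SHA256Name maps a cache key to a filename (hypothetical helper, not beego's API).
func SHA256Name(key string) string {
	return fmt.Sprintf("%x.bin", sha256.Sum256([]byte(key)))
}

// FileCache is a minimal file cache; Name is pluggable so a collision can be simulated.
type FileCache struct {
	Dir  string
	Name func(key string) string
}

type entry struct{ Key string; Value []byte } // on-disk record: key travels with value
var ErrKeyMismatch = errors.New("cache file was written for a different key")

// Put stores the key beside the value so Get can verify ownership of the file.
func (c FileCache) Put(key string, value []byte) error {
	data, err := json.Marshal(entry{key, value})
	if err != nil {
		return err
	}
	return os.WriteFile(filepath.Join(c.Dir, c.Name(key)), data, 0o600)
}

// Get returns the value only if the file was written for exactly this key.
func (c FileCache) Get(key string) ([]byte, error) {
	data, err := os.ReadFile(filepath.Join(c.Dir, c.Name(key)))
	if err != nil {
		return nil, err
	}
	var e entry
	if err = json.Unmarshal(data, &e); err == nil && e.Key != key {
		err = ErrKeyMismatch // filename collided: never serve another key's value
	}
	if err != nil {
		return nil, err
	}
	return e.Value, nil
}
func main() { fmt.Println(SHA256Name("user:alice")) } // filename for a sample key
```

Treat `ErrKeyMismatch` as a cache miss in the caller and log it, since with a collision-resistant filename hash it should never fire in normal operation.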
### Implications for C
OSV
Beego has Collision Hazards of MD5 in Cache Key Filenames
osv·2024-12-12
CVE-2024-55885 [MEDIUM] Beego has Collision Hazards of MD5 in Cache Key Filenames
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-12-12