github.com/beego/beego vulnerabilities

7 known vulnerabilities affecting github.com/beego/beego.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2022-31259 | P2 | CRITICAL | ≥ 0, < 1.12.9 | 2022-05-22
CWE-284: Access control bypass in beego
The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows attackers to bypass access control. When a `/p1/p2/:name` route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
Sources: ghsa, osv

CVE-2021-30080 | P3 | HIGH | ≥ 0, ≤ 1.12.11 | 2022-04-06
Access control bypass in Beego
An issue in the route lookup process in beego through 2.0.1 allows attackers to bypass access control.
Sources: ghsa, osv

CVE-2022-31836 | P3 | CRITICAL | ≥ 0, < 1.12.11 | 2022-07-06
CWE-22: Path Traversal in Beego
The `leafInfo.match()` function in Beego v2.0.3 and below uses `path.join()` to deal with wildcard values, which can lead to cross-directory risk.
Sources: ghsa, osv

CVE-2024-55885 | P3 | MEDIUM | ≥ 0, ≤ 1.12.14 | 2024-12-12
CWE-327: Beego has Collision Hazards of MD5 in Cache Key Filenames
In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure against well-funded opponents due to its vulnerability
Sources: ghsa, osv

CVE-2025-30223 | P3 | CRITICAL | ≥ 0, ≤ 1.12.14 | 2025-03-31
CWE-79: Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
Summary: A Cross-Site Scripting (XSS) vulnerability exists in Beego's `RenderForm()` function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially lea
Sources: ghsa, osv

CVE-2019-16355 | P4 | MEDIUM | ≥ 0, < 1.12.2 | 2022-05-24
CWE-276: Incorrect Default Permissions in Beego
The File Session Manager in Beego before 1.12.2 allows local users to read session files because of weak permissions for individual files.
Sources: ghsa

CVE-2019-16354 | P4 | MEDIUM | ≥ 0, < 1.12.2 | 2021-08-02
CWE-362: Beego has a file creation race condition
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
Sources: ghsa, osv