github.com/beego_beego vulnerabilities
7 known vulnerabilities affecting github.com/beego_beego.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2022-31259 | P2 | CRITICAL | ≥ 0, < 1.12.9 | 2022-05-22
CVE-2022-31259 [CRITICAL] CWE-284 Access control bypass in beego
The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows attackers to bypass access control. When a `/p1/p2/:name` route is configured, attackers can access it by appending `.xml` in various places (e.g., `p1.xml` instead of `p1`).
ghsa, osv
CVE-2021-30080 | P3 | HIGH | ≥ 0, ≤ 1.12.11 | 2022-04-06
CVE-2021-30080 [HIGH] Access control bypass in Beego
An issue was discovered in the route lookup process in beego through 2.0.1 that allows attackers to bypass access control.
ghsa, osv
CVE-2022-31836 | P3 | CRITICAL | ≥ 0, < 1.12.11 | 2022-07-06
CVE-2022-31836 [CRITICAL] CWE-22 Path Traversal in Beego
The `leafInfo.match()` function in Beego v2.0.3 and below uses `path.join()` to deal with wildcard values, which can lead to cross-directory risk.
ghsa, osv
CVE-2024-55885 | P3 | MEDIUM | ≥ 0, ≤ 1.12.14 | 2024-12-12
CVE-2024-55885 [MEDIUM] CWE-327 Beego has Collision Hazards of MD5 in Cache Key Filenames
In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure against well-funded opponents due to its vulnerability
ghsa, osv
CVE-2025-30223 | P3 | CRITICAL | ≥ 0, ≤ 1.12.14 | 2025-03-31
CVE-2025-30223 [CRITICAL] CWE-79 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
### Summary
A Cross-Site Scripting (XSS) vulnerability exists in Beego's `RenderForm()` function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially lea
ghsa, osv
CVE-2019-16355 | P4 | MEDIUM | ≥ 0, < 1.12.2 | 2022-05-24
CVE-2019-16355 [MEDIUM] CWE-276 Incorrect Default Permissions in Beego
The File Session Manager in Beego before 1.12.2 allows local users to read session files because of weak permissions for individual files.
ghsa
CVE-2019-16354 | P4 | MEDIUM | ≥ 0, < 1.12.2 | 2021-08-02
CVE-2019-16354 [MEDIUM] CWE-362 Beego has a file creation race condition
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
ghsa, osv