github.com/beego/beego/v2 vulnerabilities
10 known vulnerabilities affecting github.com/beego/beego/v2.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 3, HIGH: 5, MEDIUM: 2
Vulnerabilities
CVE-2022-31259 | P2 | CRITICAL | ≥ 0, < 2.0.3 | 2022-05-22
CVE-2022-31259 [CRITICAL] CWE-284 Access control bypass in beego
The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows attackers to bypass access control. When a `/p1/p2/:name` route is configured, attackers can access it by appending `.xml` in various places (e.g., `p1.xml` instead of `p1`).
Sources: ghsa, osv
CVE-2021-30080 | P3 | HIGH | ≥ 2.0.0, < 2.0.3 | 2022-04-06
CVE-2021-30080 [HIGH] Access control bypass in Beego
An issue in the route lookup process in beego through 2.0.1 allows attackers to bypass access control.
Sources: ghsa, osv
CVE-2024-40464 | P3 | HIGH | ≥ 0, < 2.2.1 | 2024-07-31
CVE-2024-40464 [HIGH] CWE-295 Beego privilege escalation vulnerability
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the `sendMail` function located in the `beego/core/logs/smtp.go` file.
Sources: ghsa, osv
CVE-2024-40465 | P3 | HIGH | ≥ 0, < 2.2.1 | 2024-07-31
CVE-2024-40465 [HIGH] CWE-327 Beego privilege escalation vulnerability
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the `getCacheFileName` function in the `file.go` file.
Sources: ghsa, osv
CVE-2022-31836 | P3 | CRITICAL | ≥ 2.0.0, < 2.0.4 | 2022-07-06
CVE-2022-31836 [CRITICAL] CWE-22 Path Traversal in Beego
The `leafInfo.match()` function in Beego v2.0.3 and below uses `path.join()` to deal with wildcard values, which can lead to cross directory risk.
Sources: ghsa, osv
CVE-2024-55885 | P3 | MEDIUM | ≥ 0, < 2.3.4 | 2024-12-12
CVE-2024-55885 [MEDIUM] CWE-327 Beego has Collision Hazards of MD5 in Cache Key Filenames
In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure against well-funded opponents due to its vulnerability
Sources: ghsa, osv
CVE-2025-30223 | P3 | CRITICAL | ≥ 0, < 2.3.6 | 2025-03-31
CVE-2025-30223 [CRITICAL] CWE-79 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
### Summary
A Cross-Site Scripting (XSS) vulnerability exists in Beego's `RenderForm()` function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially lea
Sources: ghsa, osv
CVE-2021-27117 | P3 | HIGH | ≥ 2.0.0, < 2.0.2 | 2022-04-06
CVE-2021-27117 [HIGH] CWE-59 Privilege escalation in beego
beego is an open-source, high-performance web framework for the Go programming language. An issue in the `GetCPUProfile` function in the file `profile.go` in beego through 2.0.2 allows attackers to launch symlink attacks locally.
Sources: ghsa, osv
CVE-2021-27116 | P3 | HIGH | ≥ 2.0.0, < 2.0.2 | 2022-04-06
CVE-2021-27116 [HIGH] CWE-59 Privilege escalation in beego
An issue was discovered in the file `profile.go`. The `MemProf` and `GetCPUProfile` functions do not correctly check whether the created file exists. As a result, attackers can launch symlink attacks locally. Attackers can use this vulnerability to escalate privileges.
Sources: ghsa, osv
CVE-2021-39391 | P4 | MEDIUM | ≥ 0, < 2.0.2 | 2021-09-15
CVE-2021-39391 [MEDIUM] CWE-64 Cross-site Scripting in Beego
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
Sources: ghsa, osv