
github.com/beego/beego/v2 vulnerabilities

10 known vulnerabilities affecting github.com/beego/beego/v2.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 5, MEDIUM 2

Vulnerabilities

CVE-2022-31259 | P2 | CRITICAL | ≥ 0, < 2.0.3 | 2022-05-22
CVE-2022-31259 [CRITICAL] CWE-284 Access control bypass in beego. The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows attackers to bypass access control. When a `/p1/p2/:name` route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
Sources: GHSA, OSV

CVE-2021-30080 | P3 | HIGH | ≥ 2.0.0, < 2.0.3 | 2022-04-06
CVE-2021-30080 [HIGH] Access control bypass in Beego. An issue was discovered in the route lookup process in beego through 2.0.1 that allows attackers to bypass access control.
Sources: GHSA, OSV

CVE-2024-40464 | P3 | HIGH | ≥ 0, < 2.2.1 | 2024-07-31
CVE-2024-40464 [HIGH] CWE-295 Beego privilege escalation vulnerability. An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the `sendMail` function located in the `beego/core/logs/smtp.go` file.
Sources: GHSA, OSV

CVE-2024-40465 | P3 | HIGH | ≥ 0, < 2.2.1 | 2024-07-31
CVE-2024-40465 [HIGH] CWE-327 Beego privilege escalation vulnerability. An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the `getCacheFileName` function in the `file.go` file.
Sources: GHSA, OSV

CVE-2022-31836 | P3 | CRITICAL | ≥ 2.0.0, < 2.0.4 | 2022-07-06
CVE-2022-31836 [CRITICAL] CWE-22 Path Traversal in Beego. The `leafInfo.match()` function in Beego v2.0.3 and below uses `path.join()` to deal with wildcard values, which can lead to cross directory risk.
Sources: GHSA, OSV

CVE-2024-55885 | P3 | MEDIUM | ≥ 0, < 2.3.4 | 2024-12-12
CVE-2024-55885 [MEDIUM] CWE-327 Beego has Collision Hazards of MD5 in Cache Key Filenames. In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure against well-funded opponents due to its vulnerability
Sources: GHSA, OSV

CVE-2025-30223 | P3 | CRITICAL | ≥ 0, < 2.3.6 | 2025-03-31
CVE-2025-30223 [CRITICAL] CWE-79 Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input. Summary: A Cross-Site Scripting (XSS) vulnerability exists in Beego's `RenderForm()` function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially lea
Sources: GHSA, OSV

CVE-2021-27117 | P3 | HIGH | ≥ 2.0.0, < 2.0.2 | 2022-04-06
CVE-2021-27117 [HIGH] CWE-59 Privilege escalation in beego. beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2 that allows attackers to launch symlink attacks locally.
Sources: GHSA, OSV

CVE-2021-27116 | P3 | HIGH | ≥ 2.0.0, < 2.0.2 | 2022-04-06
CVE-2021-27116 [HIGH] CWE-59 Privilege escalation in beego. An issue was discovered in file profile.go. The MemProf and GetCPUProfile functions do not correctly check whether the created file exists. As a result, attackers can launch symlink attacks locally. Attackers can use this vulnerability to escalate privileges.
Sources: GHSA, OSV

CVE-2021-39391 | P4 | MEDIUM | ≥ 0, < 2.0.2 | 2021-09-15
CVE-2021-39391 [MEDIUM] CWE-64 Cross-site Scripting in Beego. A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
Sources: GHSA, OSV