beego beego vulnerabilities and exploits

(subscribe to this query)

The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.

1 Github repository

The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows malicious users to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).

1 Github repository

An issue exists in file profile.go in function MemProf in beego up to and including 2.0.2, allows malicious users to launch symlink attacks locally.

An issue exists in file profile.go in function GetCPUProfile in beego up to and including 2.0.2, allows malicious users to launch symlink attacks locally.

An issue exists in the route lookup process in beego prior to 1.12.11 that allows malicious users to bypass access control.

The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.

Beego Beego 1.10.0

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

Beego Beego 2.0.1

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.

Beego Beego 1.10.0

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook