CVE-List 我的CVE列表 OpenJDK CVE-2023-21937 openjdkorg/groups/vulnerability/advisories/2023-04-18 CVE-2023-21938 openjdkorg/groups/vulnerability/advisories/2023-04-18 Beego CVE-2022-31259 beego/beego#4946 CVE-2022-31836 beego/beego#4961
The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows malicious users to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
beego beego |