28 matches found
GitHub Security Lab: [Go]: Add Beego.Input.RequestBody source to Beego framework
Vulnerability description not provided...
PT-2022-20952 · Beego · Beego
Name of the Vulnerable Software and Affected Versions: Beego versions 2.0.3 and below Description: The leafInfo.match function uses path.join to deal with wildcard values, which can lead to cross directory risk. This issue affects the Beego framework, potentially allowing unauthorized access to...
CVE-2022-31259
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...
Beego 后置链接漏洞
Beego is an open source web framework based on the Go language. A backward linking vulnerability in the file profile.go in the function GetCPUProfile in Beego 2.0.2 and earlier versions allows attackers to locally launch a symbolic link attack...
Beego 安全漏洞
Beego is an open source web framework based on the Go language. A security vulnerability existed prior to Beego 2.0.1 that stemmed from a route lookup process that allowed an attacker to bypass access control...
Unauthorized Access Vulnerability in Beego Framework
beego is an application framework developed in Go. An unauthorized access vulnerability exists in the Beego framework, which can be exploited by an attacker to obtain sensitive information...
Beego File Session Manager Information Disclosure Vulnerability
Beego is an open source web framework based on the Go language . File Session Manager is one of the file Session Manager. An information disclosure vulnerability exists in File Session Manager in Beego version 1.10.0, which can be exploited by a local attacker to read session files...
Beego File Session Manager Information Disclosure Vulnerability (CNVD-2019-32482)
Beego is an open source web framework based on the Go language . File Session Manager is one of the file Session Manager. An information disclosure vulnerability exists in File Session Manager in Beego version 1.10.0, which can be exploited by a local attacker to read session files...