16 matches found
CVE-2021-27116
An issue was discovered in the MemProf function in profile.go in beego through 2.0.2 that allows attackers to launch symlink attacks locally...
EUVD-2021-1694
Malware in sbrugna...
EUVD-2022-1723
Malicious code in bioql PyPI...
EUVD-2022-5053
Malicious code in bioql PyPI...
EUVD-2022-1592
Malicious code in bioql PyPI...
EUVD-2022-1598
Malicious code in bioql PyPI...
CVE-2024-40465
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go...
CVE-2022-31836
The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcardvalues which can lead to cross directory risk...
CVE-2021-27117
An issue was discovered in the GetCPUProfile function in profile.go in beego through 2.0.2 that allows attackers to launch symlink attacks locally...
CVE-2021-30080
An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control...
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Cross-site Scripting (XSS)
github.com/beego/beego is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper HTML escaping: user-controlled data is not sanitized in the RenderForm function...
Beego Security Vulnerability
Beego is an open source web framework based on the Go language from Beego Open Source. A security vulnerability exists in Beego version 2.3.3, which stems from the use of MD5 as a hashing algorithm and is vulnerable to collision attacks...
Beego Security Vulnerability
Beego is an open source web framework based on the Go language from Beego Open Source. A security vulnerability exists in Beego before version v.2.2.0. A remote attacker could elevate privileges through the getCacheFileName function in the file.go file...
CVE-2022-31836
CVE-2022-31836 describes a path traversal in Beego where the leafInfo.match() function uses path.join() to handle wildcard values, enabling a remote attacker to traverse directories via URLs containing ../../. Public details confirm the issue affects Beego v2.0.3 and earlier; the core vulnerabili...
Beego Path Traversal Vulnerability
Beego is an open source web framework based on the Go language. A security vulnerability exists in Beego v2.0.3 and earlier versions, which stems from the use of path.join by the leafInfo.match function to handle wildcardValues, which may lead to cross-directory risks...