Lucene search
Veracode Vulnerability DatabaseVERACODE:35637HistoryMay 23, 2022 - 3:51 a.m.
Authentication Bypass
2022-05-2303:51:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
0.002 Low
EPSS
Percentile
53.7%
github.com/beego/beego is vulnerable to authentication bypass. When the /v1/yangeryl/:name route is configured, An attacker can access it by appending the .xml suffix into the url (eg:/v1/yangeryl.xml/yangeryl.xml) as the insufficient strings validation in the match function of tree.go
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/beego/beego | le | v2.0.2 | |
| github.com/beego/beego | le | v2.0.2 |
References
beego.vip
github.com/advisories/GHSA-qx32-f6g6-fcfr
github.com/beego/beego/blob/411fbb8cdb4424518e75ad3d6882635de0dcb397/server/web/tree.go#L344
github.com/beego/beego/commit/64cf44d725c8cc35d782327d333df9cbeb1bf2dd
github.com/beego/beego/issues/4946
github.com/beego/beego/pull/4951
github.com/beego/beego/pull/4954
github.com/beego/beego/tree/v2.0.2
Related
gitlab
gitlab
Authentication Bypass Using an Alternate Path or Channel
2022-05-21 00:00:00
Access control bypass in beego
2022-05-22 00:00:00
Access control bypass in beego
2022-05-22 00:00:00
osv
osv
CVE-2022-31259
2022-05-21 19:15:52
Access control bypass in beego
2022-05-22 00:00:32
cvelist
cvelist
CVE-2022-31259
2022-05-21 00:00:00
nvd
nvd
CVE-2022-31259
2022-05-21 19:15:52
github
github
Access control bypass in beego
2022-05-22 00:00:32
cve
cve
CVE-2022-31259
2022-05-21 19:15:52
prion
prion
Improper access control
2022-05-21 19:15:00
