github.com/astaxie/beego (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/astaxie/beego, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2021-30080 — CVSS 9.8 (critical): An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
CVE-2022-31259 — CVSS 9.8 (critical): The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route…
CVE-2022-31836 — CVSS 9.8 (critical): The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.
CVE-2019-16355 — CVSS 5.5 (medium): The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
CVE-2019-16354 — CVSS 4.7 (medium): The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation…