Moderate severityNVD Advisory· Published Dec 12, 2024· Updated Dec 13, 2024
Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames
CVE-2024-55885
Description
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/beego/beegoGo | <= 1.12.14 | — |
github.com/beego/beego/v2Go | < 2.3.4 | 2.3.4 |
Affected products
46- osv-coords45 versionspkg:apk/chainguard/harbor-2.11pkg:apk/chainguard/harbor-2.11-exporterpkg:apk/chainguard/harbor-2.11-jobservicepkg:apk/chainguard/harbor-2.11-photon-registrypkg:apk/chainguard/harbor-2.11-portalpkg:apk/chainguard/harbor-2.11-portal-nginx-configpkg:apk/chainguard/harbor-2.11-redis-compatpkg:apk/chainguard/harbor-2.11-registryctlpkg:apk/chainguard/harbor-2.12pkg:apk/chainguard/harbor-2.12-exporterpkg:apk/chainguard/harbor-2.12-jobservicepkg:apk/chainguard/harbor-2.12-photon-registrypkg:apk/chainguard/harbor-2.12-portalpkg:apk/chainguard/harbor-2.12-portal-nginx-configpkg:apk/chainguard/harbor-2.12-redis-compatpkg:apk/chainguard/harbor-2.12-registryctlpkg:apk/chainguard/harbor-fips-2.11pkg:apk/chainguard/harbor-fips-2.11-dbpkg:apk/chainguard/harbor-fips-2.11-exporterpkg:apk/chainguard/harbor-fips-2.11-jobservicepkg:apk/chainguard/harbor-fips-2.11-photon-registrypkg:apk/chainguard/harbor-fips-2.11-portalpkg:apk/chainguard/harbor-fips-2.11-redis-compatpkg:apk/chainguard/harbor-fips-2.11-registryctlpkg:apk/chainguard/harbor-fips-2.12pkg:apk/chainguard/harbor-fips-2.12-dbpkg:apk/chainguard/harbor-fips-2.12-exporterpkg:apk/chainguard/harbor-fips-2.12-jobservicepkg:apk/chainguard/harbor-fips-2.12-photon-registrypkg:apk/chainguard/harbor-fips-2.12-portalpkg:apk/chainguard/harbor-fips-2.12-redis-compatpkg:apk/chainguard/harbor-fips-2.12-registryctlpkg:apk/wolfi/harbor-2.11pkg:apk/wolfi/harbor-2.11-jobservicepkg:apk/wolfi/harbor-2.11-portalpkg:apk/wolfi/harbor-2.11-portal-nginx-configpkg:apk/wolfi/harbor-2.11-registryctlpkg:apk/wolfi/harbor-2.12pkg:apk/wolfi/harbor-2.12-jobservicepkg:apk/wolfi/harbor-2.12-portalpkg:apk/wolfi/harbor-2.12-portal-nginx-configpkg:apk/wolfi/harbor-2.12-registryctlpkg:golang/github.com/beego/beegopkg:golang/github.com/beego/beego/v2pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 2.11.2-r20+ 44 more
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r22
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r15
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r28
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.11.2-r25
- (no CPE)range: < 2.12.4-r12
- (no CPE)range: < 2.12.4-r12
- (no CPE)range: < 2.12.4-r12
- (no CPE)range: < 2.12.4-r12
- (no CPE)range: < 2.12.4-r15
- (no CPE)range: < 2.12.4-r12
- (no CPE)range: < 2.12.4-r12
- (no CPE)range: < 2.12.4-r12
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.11.2-r20
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: < 2.12.4-r13
- (no CPE)range: <= 1.12.14
- (no CPE)range: < 2.3.4
- (no CPE)range: < 0.0.20241218T202206-1.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-9j3m-fr7q-jxfwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-55885ghsaADVISORY
- github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4ghsax_refsource_MISCWEB
- github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfwghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.