VYPR
Moderate severityNVD Advisory· Published Dec 12, 2024· Updated Dec 13, 2024

Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames

CVE-2024-55885

Description

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/beego/beegoGo
<= 1.12.14
github.com/beego/beego/v2Go
< 2.3.42.3.4

Affected products

46

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.