Beego
by Beego
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30223 | | | 0.00 | — | 0.01 | | Mar 31, 2025 | Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject… |
| CVE-2024-55885 | | | 0.00 | — | 0.00 | | Dec 12, 2024 | beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with… |
| CVE-2024-40465 | | | 0.00 | — | 0.00 | | Jul 31, 2024 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file |
| CVE-2024-40464 | | | 0.00 | — | 0.01 | | Jul 31, 2024 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file |
| CVE-2022-31836 | | | 0.00 | — | 0.01 | | Jul 5, 2022 | The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk. |
| CVE-2022-31259 | | | 0.00 | — | 0.22 | | May 21, 2022 | The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). |
| CVE-2021-30080 | | | 0.00 | — | 0.01 | | Apr 5, 2022 | An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control. |
| CVE-2021-27116 | | | 0.00 | — | 0.00 | | Apr 5, 2022 | An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally. |
| CVE-2021-27117 | | | 0.00 | — | 0.00 | | Apr 5, 2022 | An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally. |