Beego Beego
12 CVEs affecting Beego Beego. Latest disclosed: 2025-03-31. Critical: 4, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-31836 | Critical | 9.8 | 2022-07-05 | The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk. |
| CVE-2022-31259 | Critical | 9.8 | 2022-05-21 | The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attack… |
| CVE-2021-30080 | Critical | 9.8 | 2022-04-05 | An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control. |
| CVE-2025-30223 | Critical | 9.3 | 2025-03-31 | Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm(… |
| CVE-2024-40465 | High | 8.8 | 2024-07-31 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file |
| CVE-2024-40464 | High | 8.8 | 2024-07-31 | An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file |
| CVE-2021-27117 | High | 7.8 | 2022-04-05 | An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally. |
| CVE-2021-27116 | High | 7.8 | 2022-04-05 | An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally. |
| CVE-2024-55885 | High | 7.5 | 2024-12-12 | beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer consid… |
| CVE-2021-39391 | Medium | 6.1 | 2021-09-14 | Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators vi… |
| CVE-2019-16355 | Medium | 5.5 | 2019-09-16 | The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. |
| CVE-2019-16354 | Medium | 4.7 | 2019-09-16 | The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory… |