Beego CVE - OpenCVE

Filtered by vendor Beego Subscribe

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-31836	1 Beego	1 Beego	2022-07-14	7.5 HIGH	9.8 CRITICAL
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.
CVE-2022-31259	1 Beego	1 Beego	2022-06-02	6.8 MEDIUM	9.8 CRITICAL
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).

Vulnerabilities (CVE)