GHSA-2v6v-q994-xvxx

Source

https://github.com/advisories/GHSA-2v6v-q994-xvxx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-2v6v-q994-xvxx/GHSA-2v6v-q994-xvxx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2v6v-q994-xvxx

Aliases

CVE-2021-27117

Published

2022-04-06T00:01:30Z

Modified

2023-11-08T04:05:23.569911Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Privilege escalation in beego

Details

beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.

Database specific

{
    "cwe_ids": [
        "CWE-59"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "nvd_published_at": "2022-04-05T16:15:00Z",
    "github_reviewed_at": "2022-04-07T22:04:06Z"
}

References

Affected packages

Go / github.com/beego/beego/v2

Package

Name: github.com/beego/beego/v2; View open source insights on deps.dev
Purl: pkg:golang/github.com/beego/beego/v2

Affected ranges

Type: SEMVER
Events: Introduced

2.0.0

Fixed

2.0.2

Go / github.com/beego/beego

Package

Name: github.com/beego/beego; View open source insights on deps.dev
Purl: pkg:golang/github.com/beego/beego

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

last_known_affected_version_range

"< 2.0.2"