Session data is stored using permissive permissions, allowing local users with filesystem access to read arbitrary data.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0084" }
{ "imports": [ { "path": "github.com/astaxie/beego/session", "symbols": [ "FileProvider.SessionRead", "FileProvider.SessionRegenerate", "Manager.GetSessionStore", "Manager.SessionRegenerateID", "Manager.SessionStart" ] } ] }