@nyxfqq
Created July 31, 2024 02:41
CVE-2024-40465
[Suggested description]
An issue in beego v.2.2.0 and before allows a remote attacker to
escalate privileges via the getCacheFileName function in the file.go file.
------------------------------------------
[VulnerabilityType Other]
CWE-327, CWE-328
------------------------------------------
[Vendor of Product]
https://github.com/beego/beego
------------------------------------------
[Affected Product Code Base]
beego - <=v2.2.0
------------------------------------------
[Affected Component]
github.com/beego/beego/client/cache/file.go
github.com/beego/beego/core/logs/alils/request.go
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
upload or update a file
------------------------------------------
[Reference]
https://github.com/beego/beego/security/advisories/GHSA-6g9p-wv47-4fxq
------------------------------------------
[Discoverer]
Yuexi Zhang