Closed GoVulnBot closed 3 weeks ago
Advisory GHSA-r6qh-j42j-pw64 references a vulnerability in the following Go modules:
Description: An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in the beego/core/logs/smtp.go file.
sendMail
beego/core/logs/smtp.go
References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING modules: - module: github.com/beego/beego vulnerable_at: 1.12.12 - module: github.com/beego/beego/v2 versions: - fixed: 2.2.1 vulnerable_at: 2.2.0 summary: Beego privilege escalation vulnerability in github.com/beego/beego cves: - CVE-2024-40464 ghsas: - GHSA-r6qh-j42j-pw64 references: - advisory: https://github.com/advisories/GHSA-r6qh-j42j-pw64 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-40464 - fix: https://github.com/beego/beego/commit/8f89e12e6cafb106d5c201dbc3b2a338bfde74e2 - web: https://gist.github.com/nyxfqq/b53b0148b9aa040de63f58a68fd11445 - web: https://github.com/beego/beego/security/advisories/GHSA-6g9p-wv47-4fxq source: id: GHSA-r6qh-j42j-pw64 created: 2024-08-01T14:01:18.509844175Z review_status: UNREVIEWED
Change https://go.dev/cl/606775 mentions this issue: data/reports: add 4 reports
data/reports: add 4 reports
Advisory GHSA-r6qh-j42j-pw64 references a vulnerability in the following Go modules:
Description: An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the
sendMail
function located in thebeego/core/logs/smtp.go
file.References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.