CVE-2021-27117

HIGH7.8EPSS 0.16%

Privilege escalation in beego

發布日:2022/4/6修改日:2023/11/8

描述

beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.

受影響套件(2)

Go/github.com/beego/beegofrom 0
Go/github.com/beego/beego/v2>= 2.0.0, < 2.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-27117
PATCHhttps://github.com/beego/beego
WEBhttps://github.com/beego/beego/issues/4484