Описание
Beego has a file creation race condition
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-16354
- https://github.com/astaxie/beego/issues/3763
- https://github.com/beego/beego/issues/3763
- https://github.com/beego/beego/pull/3975
- https://github.com/beego/beego/pull/3975/commits/f99cbe0fa40936f2f8dd28e70620c559b6e5e2fd
- https://github.com/astaxie/beego/commit/f99cbe0fa40936f2f8dd28e70620c559b6e5e2fd
- https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
- https://github.com/astaxie/beego/blob/v1.12.2/session/sess_file.go#L142
- https://pkg.go.dev/vuln/GO-2021-0084
Пакеты
Наименование
github.com/beego/beego
go
Затронутые версииВерсия исправления
< 1.12.2
1.12.2
Наименование
github.com/astaxie/beego
go
Затронутые версииВерсия исправления
< 1.12.2
1.12.2
Связанные уязвимости
CVSS3: 4.7
nvd
больше 6 лет назад
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.