GO-2022-0572
- Source
- https://pkg.go.dev/vuln/GO-2022-0572
- Import Source
- https://vuln.go.dev/ID/GO-2022-0572.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2022-0572
- Aliases
- Published
- 2022-08-22T17:56:17Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Access control bypass via incorrect route lookup in github.com/beego/beego and beego/v2
- Details
-
An issue was discovered in the route lookup process in beego which attackers to bypass access control.
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0572" }- References
Affected packages
Go / github.com/astaxie/beego
Package
- Name
- github.com/astaxie/beego
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/astaxie/beego
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"imports": [
{
"path": "github.com/astaxie/beego",
"symbols": [
"App.Run",
"ControllerRegister.FindPolicy",
"ControllerRegister.FindRouter",
"ControllerRegister.ServeHTTP",
"FilterRouter.ValidRouter",
"InitBeegoBeforeTest",
"Run",
"RunWithMiddleWares",
"TestBeegoInit",
"Tree.Match",
"adminApp.Run"
]
}
]
}
Go / github.com/beego/beego
Package
- Name
- github.com/beego/beego
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/beego/beego
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"imports": [
{
"path": "github.com/beego/beego",
"symbols": [
"App.Run",
"ControllerRegister.FindPolicy",
"ControllerRegister.FindRouter",
"ControllerRegister.ServeHTTP",
"FilterRouter.ValidRouter",
"InitBeegoBeforeTest",
"Run",
"RunWithMiddleWares",
"TestBeegoInit",
"Tree.Match",
"adminApp.Run"
]
}
]
}
Go / github.com/beego/beego/v2
Package
- Name
- github.com/beego/beego/v2
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/beego/beego/v2
Ecosystem specific
{
"imports": [
{
"path": "github.com/beego/beego/v2/server/web",
"symbols": [
"AddNamespace",
"AddViewPath",
"Any",
"AutoPrefix",
"AutoRouter",
"BuildTemplate",
"Compare",
"CompareNot",
"Controller.Abort",
"Controller.CheckXSRFCookie",
"Controller.CustomAbort",
"Controller.Delete",
"Controller.DestroySession",
"Controller.Get",
"Controller.GetBool",
"Controller.GetFile",
"Controller.GetFloat",
"Controller.GetInt",
"Controller.GetInt16",
"Controller.GetInt32",
"Controller.GetInt64",
"Controller.GetInt8",
"Controller.GetSecureCookie",
"Controller.GetString",
"Controller.GetStrings",
"Controller.GetUint16",
"Controller.GetUint32",
"Controller.GetUint64",
"Controller.GetUint8",
"Controller.Head",
"Controller.Input",
"Controller.IsAjax",
"Controller.Options",
"Controller.ParseForm",
"Controller.Patch",
"Controller.Post",
"Controller.Put",
"Controller.Redirect",
"Controller.Render",
"Controller.RenderBytes",
"Controller.RenderString",
"Controller.SaveToFile",
"Controller.ServeFormatted",
"Controller.ServeJSON",
"Controller.ServeJSONP",
"Controller.ServeXML",
"Controller.ServeYAML",
"Controller.SessionRegenerateID",
"Controller.SetData",
"Controller.SetSecureCookie",
"Controller.Trace",
"Controller.URLFor",
"Controller.XSRFFormHTML",
"Controller.XSRFToken",
"ControllerRegister.Add",
"ControllerRegister.AddAuto",
"ControllerRegister.AddAutoPrefix",
"ControllerRegister.AddMethod",
"ControllerRegister.Any",
"ControllerRegister.Delete",
"ControllerRegister.FindPolicy",
"ControllerRegister.FindRouter",
"ControllerRegister.Get",
"ControllerRegister.GetContext",
"ControllerRegister.Handler",
"ControllerRegister.Head",
"ControllerRegister.Include",
"ControllerRegister.InsertFilter",
"ControllerRegister.InsertFilterChain",
"ControllerRegister.Options",
"ControllerRegister.Patch",
"ControllerRegister.Post",
"ControllerRegister.Put",
"ControllerRegister.ServeHTTP",
"ControllerRegister.URLFor",
"Date",
"DateFormat",
"DateParse",
"Delete",
"Exception",
"ExecuteTemplate",
"ExecuteViewPathTemplate",
"FileSystem.Open",
"FilterRouter.ValidRouter",
"FlashData.Error",
"FlashData.Notice",
"FlashData.Set",
"FlashData.Store",
"FlashData.Success",
"FlashData.Warning",
"Get",
"GetConfig",
"HTML2str",
"Handler",
"Head",
"Htmlquote",
"Htmlunquote",
"HttpServer.Any",
"HttpServer.AutoPrefix",
"HttpServer.AutoRouter",
"HttpServer.Delete",
"HttpServer.Get",
"HttpServer.Handler",
"HttpServer.Head",
"HttpServer.Include",
"HttpServer.InsertFilter",
"HttpServer.InsertFilterChain",
"HttpServer.LogAccess",
"HttpServer.Options",
"HttpServer.Patch",
"HttpServer.Post",
"HttpServer.PrintTree",
"HttpServer.Put",
"HttpServer.RESTRouter",
"HttpServer.Router",
"HttpServer.Run",
"Include",
"InitBeegoBeforeTest",
"InsertFilter",
"InsertFilterChain",
"LoadAppConfig",
"LogAccess",
"MapGet",
"Namespace.Any",
"Namespace.AutoPrefix",
"Namespace.AutoRouter",
"Namespace.Cond",
"Namespace.Delete",
"Namespace.Filter",
"Namespace.Get",
"Namespace.Handler",
"Namespace.Head",
"Namespace.Include",
"Namespace.Namespace",
"Namespace.Options",
"Namespace.Patch",
"Namespace.Post",
"Namespace.Put",
"Namespace.Router",
"NewControllerRegister",
"NewControllerRegisterWithCfg",
"NewHttpServerWithCfg",
"NewHttpSever",
"NewNamespace",
"NotNil",
"Options",
"ParseForm",
"Patch",
"Policy",
"Post",
"PrintTree",
"Put",
"RESTRouter",
"ReadFromRequest",
"RenderForm",
"Router",
"Run",
"RunWithMiddleWares",
"TestBeegoInit",
"Tree.AddRouter",
"Tree.AddTree",
"Tree.Match",
"URLFor",
"URLMap.GetMap",
"URLMap.GetMapData",
"Walk",
"adminApp.Run",
"adminController.AdminIndex",
"adminController.Healthcheck",
"adminController.ListConf",
"adminController.ProfIndex",
"adminController.PrometheusMetrics",
"adminController.QpsIndex",
"adminController.TaskStatus",
"beegoAppConfig.Bool",
"beegoAppConfig.DefaultBool",
"beegoAppConfig.SaveConfigFile",
"beegoAppConfig.Unmarshaler"
]
}
]
}