CVE-2021-27117

HIGH7.8EPSS 0.16%

Privilege escalation in beego

Published: 4/6/2022Modified: 11/8/2023

Description

beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.

Affected packages (2)

Go/github.com/beego/beegofrom 0
Go/github.com/beego/beego/v2>= 2.0.0, < 2.0.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-27117
PATCHhttps://github.com/beego/beego
WEBhttps://github.com/beego/beego/issues/4484