data/reports/GO-2021-0084.yaml - vulndb - Git at Google

 id: GO-2021-0084
 modules:
     - module: github.com/astaxie/beego
       versions:
         - fixed: 1.12.2-0.20200613154013-bac2b31afecc
       vulnerable_at: 1.12.2-0.20200610083815-4ad699b7b813
       packages:
         - package: github.com/astaxie/beego/session
           symbols:
             - FileProvider.SessionRead
             - FileProvider.SessionRegenerate
 summary: Incorrect permissions for critical resource in github.com/astaxie/beego
 description: |-
     Session data is stored using permissive permissions, allowing local users with
     filesystem access to read arbitrary data.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2019-16354
 ghsas:
     - GHSA-f6px-w8rh-7r89
 credits:
     - '@nicowaisman'
 references:
     - fix: https://github.com/beego/beego/pull/3975
     - fix: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
     - web: https://github.com/beego/beego/issues/3763
	id: GO-2021-0084
	modules:
	- module: github.com/astaxie/beego
	versions:
	- fixed: 1.12.2-0.20200613154013-bac2b31afecc
	vulnerable_at: 1.12.2-0.20200610083815-4ad699b7b813
	packages:
	- package: github.com/astaxie/beego/session
	symbols:
	- FileProvider.SessionRead
	- FileProvider.SessionRegenerate
	summary: Incorrect permissions for critical resource in github.com/astaxie/beego
	description: \|-
	Session data is stored using permissive permissions, allowing local users with
	filesystem access to read arbitrary data.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-16354
	ghsas:
	- GHSA-f6px-w8rh-7r89
	credits:
	- '@nicowaisman'
	references:
	- fix: https://github.com/beego/beego/pull/3975
	- fix: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
	- web: https://github.com/beego/beego/issues/3763