data/reports/GO-2021-0084.yaml - vulndb - Git at Google

 packages:
   - module: github.com/astaxie/beego
     package: github.com/astaxie/beego/session
     symbols:
       - FileProvider.SessionRead
       - FileProvider.SessionRegenerate
     versions:
       - fixed: 1.12.2-0.20200613154013-bac2b31afecc
 description: |
     Session data is stored using permissive permissions, allowing local users
     with filesystem access to read arbitrary data.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2019-16354
 ghsas:
   - GHSA-f6px-w8rh-7r89
 credit: '@nicowaisman'
 links:
     pr: https://github.com/beego/beego/pull/3975
     commit: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
     context:
       - https://github.com/beego/beego/issues/3763
	packages:
	- module: github.com/astaxie/beego
	package: github.com/astaxie/beego/session
	symbols:
	- FileProvider.SessionRead
	- FileProvider.SessionRegenerate
	versions:
	- fixed: 1.12.2-0.20200613154013-bac2b31afecc
	description: \|
	Session data is stored using permissive permissions, allowing local users
	with filesystem access to read arbitrary data.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-16354
	ghsas:
	- GHSA-f6px-w8rh-7r89
	credit: '@nicowaisman'
	links:
	pr: https://github.com/beego/beego/pull/3975
	commit: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
	context:
	- https://github.com/beego/beego/issues/3763