| modules: |
| - module: github.com/astaxie/beego |
| versions: |
| - fixed: 1.12.2-0.20200613154013-bac2b31afecc |
| packages: |
| - package: github.com/astaxie/beego/session |
| symbols: |
| - FileProvider.SessionRead |
| - FileProvider.SessionRegenerate |
| description: | |
| Session data is stored using permissive permissions, allowing local users |
| with filesystem access to read arbitrary data. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2019-16354 |
| ghsas: |
| - GHSA-f6px-w8rh-7r89 |
| credit: '@nicowaisman' |
| references: |
| - fix: https://github.com/beego/beego/pull/3975 |
| - fix: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1 |
| - web: https://github.com/beego/beego/issues/3763 |
