blob: f284e27b7bf9092fc6eb764ee8777bbab29d3354 [file] [log] [blame]
module: github.com/astaxie/beego
package: github.com/astaxie/beego/session
versions:
- fixed: v1.12.2-0.20200613154013-bac2b31afecc
description: |
Session data is stored using permissive permissions, allowing local users
with filesystem access to read arbitrary data.
cves:
- CVE-2019-16354
credit: '@nicowaisman'
symbols:
- FileProvider.SessionRead
- FileProvider.SessionRegenerate
links:
pr: https://github.com/beego/beego/pull/3975
commit: https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1
context:
- https://github.com/beego/beego/issues/3763