| id: GO-2022-0463 |
| modules: |
| - module: github.com/astaxie/beego |
| vulnerable_at: 1.12.3 |
| packages: |
| - package: github.com/astaxie/beego |
| symbols: |
| - Tree.Match |
| derived_symbols: |
| - App.Run |
| - ControllerRegister.FindPolicy |
| - ControllerRegister.FindRouter |
| - ControllerRegister.ServeHTTP |
| - FilterRouter.ValidRouter |
| - InitBeegoBeforeTest |
| - Run |
| - RunWithMiddleWares |
| - TestBeegoInit |
| - adminApp.Run |
| - module: github.com/beego/beego |
| versions: |
| - fixed: 1.12.9 |
| vulnerable_at: 1.12.8 |
| packages: |
| - package: github.com/beego/beego |
| symbols: |
| - Tree.match |
| derived_symbols: |
| - App.Run |
| - ControllerRegister.FindPolicy |
| - ControllerRegister.FindRouter |
| - ControllerRegister.ServeHTTP |
| - FilterRouter.ValidRouter |
| - InitBeegoBeforeTest |
| - Run |
| - RunWithMiddleWares |
| - TestBeegoInit |
| - Tree.Match |
| - adminApp.Run |
| - module: github.com/beego/beego/v2 |
| versions: |
| - fixed: 2.0.3 |
| vulnerable_at: 2.0.2 |
| packages: |
| - package: github.com/beego/beego/v2/server/web |
| symbols: |
| - Tree.match |
| derived_symbols: |
| - AddNamespace |
| - AddViewPath |
| - Any |
| - AutoPrefix |
| - AutoRouter |
| - BuildTemplate |
| - Compare |
| - CompareNot |
| - Controller.Abort |
| - Controller.Bind |
| - Controller.BindForm |
| - Controller.BindJSON |
| - Controller.BindProtobuf |
| - Controller.BindXML |
| - Controller.BindYAML |
| - Controller.CheckXSRFCookie |
| - Controller.CustomAbort |
| - Controller.Delete |
| - Controller.DestroySession |
| - Controller.Get |
| - Controller.GetBool |
| - Controller.GetFile |
| - Controller.GetFloat |
| - Controller.GetInt |
| - Controller.GetInt16 |
| - Controller.GetInt32 |
| - Controller.GetInt64 |
| - Controller.GetInt8 |
| - Controller.GetSecureCookie |
| - Controller.GetString |
| - Controller.GetStrings |
| - Controller.GetUint16 |
| - Controller.GetUint32 |
| - Controller.GetUint64 |
| - Controller.GetUint8 |
| - Controller.Head |
| - Controller.Input |
| - Controller.IsAjax |
| - Controller.JSONResp |
| - Controller.Options |
| - Controller.ParseForm |
| - Controller.Patch |
| - Controller.Post |
| - Controller.Put |
| - Controller.Redirect |
| - Controller.Render |
| - Controller.RenderBytes |
| - Controller.RenderString |
| - Controller.Resp |
| - Controller.SaveToFile |
| - Controller.SaveToFileWithBuffer |
| - Controller.ServeFormatted |
| - Controller.ServeJSON |
| - Controller.ServeJSONP |
| - Controller.ServeXML |
| - Controller.ServeYAML |
| - Controller.SessionRegenerateID |
| - Controller.SetData |
| - Controller.SetSecureCookie |
| - Controller.Trace |
| - Controller.URLFor |
| - Controller.XMLResp |
| - Controller.XSRFFormHTML |
| - Controller.XSRFToken |
| - Controller.YamlResp |
| - ControllerRegister.Add |
| - ControllerRegister.AddAuto |
| - ControllerRegister.AddAutoPrefix |
| - ControllerRegister.AddMethod |
| - ControllerRegister.AddRouterMethod |
| - ControllerRegister.Any |
| - ControllerRegister.CtrlAny |
| - ControllerRegister.CtrlDelete |
| - ControllerRegister.CtrlGet |
| - ControllerRegister.CtrlHead |
| - ControllerRegister.CtrlOptions |
| - ControllerRegister.CtrlPatch |
| - ControllerRegister.CtrlPost |
| - ControllerRegister.CtrlPut |
| - ControllerRegister.Delete |
| - ControllerRegister.FindPolicy |
| - ControllerRegister.FindRouter |
| - ControllerRegister.Get |
| - ControllerRegister.GetContext |
| - ControllerRegister.Handler |
| - ControllerRegister.Head |
| - ControllerRegister.Include |
| - ControllerRegister.Init |
| - ControllerRegister.InsertFilter |
| - ControllerRegister.Options |
| - ControllerRegister.Patch |
| - ControllerRegister.Post |
| - ControllerRegister.Put |
| - ControllerRegister.ServeHTTP |
| - ControllerRegister.URLFor |
| - CtrlAny |
| - CtrlDelete |
| - CtrlGet |
| - CtrlHead |
| - CtrlOptions |
| - CtrlPatch |
| - CtrlPost |
| - CtrlPut |
| - Date |
| - DateFormat |
| - DateParse |
| - Delete |
| - Exception |
| - ExecuteTemplate |
| - ExecuteViewPathTemplate |
| - FileSystem.Open |
| - FilterRouter.ValidRouter |
| - FlashData.Error |
| - FlashData.Notice |
| - FlashData.Set |
| - FlashData.Store |
| - FlashData.Success |
| - FlashData.Warning |
| - Get |
| - GetConfig |
| - HTML2str |
| - Handler |
| - Head |
| - Htmlquote |
| - Htmlunquote |
| - HttpServer.Any |
| - HttpServer.AutoPrefix |
| - HttpServer.AutoRouter |
| - HttpServer.CtrlAny |
| - HttpServer.CtrlDelete |
| - HttpServer.CtrlGet |
| - HttpServer.CtrlHead |
| - HttpServer.CtrlOptions |
| - HttpServer.CtrlPatch |
| - HttpServer.CtrlPost |
| - HttpServer.CtrlPut |
| - HttpServer.Delete |
| - HttpServer.Get |
| - HttpServer.Handler |
| - HttpServer.Head |
| - HttpServer.Include |
| - HttpServer.InsertFilter |
| - HttpServer.LogAccess |
| - HttpServer.Options |
| - HttpServer.Patch |
| - HttpServer.Post |
| - HttpServer.PrintTree |
| - HttpServer.Put |
| - HttpServer.RESTRouter |
| - HttpServer.Router |
| - HttpServer.RouterWithOpts |
| - HttpServer.Run |
| - Include |
| - InitBeegoBeforeTest |
| - InsertFilter |
| - LoadAppConfig |
| - LogAccess |
| - MapGet |
| - Namespace.Any |
| - Namespace.AutoPrefix |
| - Namespace.AutoRouter |
| - Namespace.Cond |
| - Namespace.CtrlAny |
| - Namespace.CtrlDelete |
| - Namespace.CtrlGet |
| - Namespace.CtrlHead |
| - Namespace.CtrlOptions |
| - Namespace.CtrlPatch |
| - Namespace.CtrlPost |
| - Namespace.CtrlPut |
| - Namespace.Delete |
| - Namespace.Filter |
| - Namespace.Get |
| - Namespace.Handler |
| - Namespace.Head |
| - Namespace.Include |
| - Namespace.Namespace |
| - Namespace.Options |
| - Namespace.Patch |
| - Namespace.Post |
| - Namespace.Put |
| - Namespace.Router |
| - NewControllerRegister |
| - NewControllerRegisterWithCfg |
| - NewHttpServerWithCfg |
| - NewHttpSever |
| - NewNamespace |
| - NotNil |
| - Options |
| - ParseForm |
| - Patch |
| - Policy |
| - Post |
| - PrintTree |
| - Put |
| - RESTRouter |
| - ReadFromRequest |
| - RenderForm |
| - Router |
| - RouterWithOpts |
| - Run |
| - RunWithMiddleWares |
| - TestBeegoInit |
| - Tree.AddRouter |
| - Tree.AddTree |
| - Tree.Match |
| - URLFor |
| - URLMap.GetMap |
| - URLMap.GetMapData |
| - Walk |
| - adminApp.Run |
| - adminController.AdminIndex |
| - adminController.Healthcheck |
| - adminController.ListConf |
| - adminController.ProfIndex |
| - adminController.PrometheusMetrics |
| - adminController.QpsIndex |
| - adminController.TaskStatus |
| - beegoAppConfig.Bool |
| - beegoAppConfig.DefaultBool |
| - beegoAppConfig.SaveConfigFile |
| - beegoAppConfig.Unmarshaler |
| summary: |- |
| Access control bypass due to broad route matching in github.com/beego/beego and |
| beego/v2 |
| description: |- |
| Routes in the beego HTTP router can match unintended patterns. This overly-broad |
| matching may permit an attacker to bypass access controls. |
| |
| For example, the pattern "/a/b/:name" can match the URL "/a.xml/b/". This may |
| bypass access control applied to the prefix "/a/". |
| published: 2022-07-01T20:06:59Z |
| cves: |
| - CVE-2022-31259 |
| ghsas: |
| - GHSA-qx32-f6g6-fcfr |
| references: |
| - fix: https://github.com/beego/beego/pull/4958 |
| - fix: https://github.com/beego/beego/commit/64cf44d725c8cc35d782327d333df9cbeb1bf2dd |
| - web: https://github.com/beego/beego/issues/4946 |
| - web: https://github.com/beego/beego/pull/4954 |
| review_status: REVIEWED |