{ "schema_version": "1.4.0", "id": "GHSA-f6px-w8rh-7r89", "modified": "2023-09-15T17:59:24Z", "published": "2021-08-02T17:15:05Z", "aliases": [ "CVE-2019-16354" ], "summary": "Beego has a file creation race condition", "details": "The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/beego/beego" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.12.2" } ] } ] }, { "package": { "ecosystem": "Go", "name": "github.com/astaxie/beego" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.12.2" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16354" }, { "type": "WEB", "url": "https://github.com/astaxie/beego/issues/3763" }, { "type": "WEB", "url": "https://github.com/beego/beego/issues/3763" }, { "type": "WEB", "url": "https://github.com/beego/beego/pull/3975" }, { "type": "WEB", "url": "https://github.com/beego/beego/pull/3975/commits/f99cbe0fa40936f2f8dd28e70620c559b6e5e2fd" }, { "type": "WEB", "url": "https://github.com/astaxie/beego/commit/f99cbe0fa40936f2f8dd28e70620c559b6e5e2fd" }, { "type": "WEB", "url": "https://github.com/beego/beego/commit/bac2b31afecc65d9a89f9e473b8006c5edc0c8d1" }, { "type": "PACKAGE", "url": "https://github.com/astaxie/beego" }, { "type": "WEB", "url": "https://github.com/astaxie/beego/blob/v1.12.2/session/sess_file.go#L142" }, { "type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2021-0084" } ], "database_specific": { "cwe_ids": [ "CWE-362", "CWE-732" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-07-22T21:51:41Z", "nvd_published_at": "2019-09-16T15:15:00Z" } }