CVE-2024-40464

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:beego:beego:*:*:*:*:*:*:*:*

History

15 Aug 2024, 13:02

Type Values Removed Values Added
CWE CWE-295
First Time Beego
Beego beego
CPE cpe:2.3:a:beego:beego:*:*:*:*:*:*:*:*
References () https://gist.github.com/nyxfqq/b53b0148b9aa040de63f58a68fd11445 - () https://gist.github.com/nyxfqq/b53b0148b9aa040de63f58a68fd11445 - Third Party Advisory

06 Aug 2024, 18:35

Type Values Removed Values Added
CWE CWE-599
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

01 Aug 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Un problema en beego v.2.2.0 y anteriores permite a un atacante remoto escalar privilegios a través de la función sendMail ubicada en el archivo beego/core/logs/smtp.go

31 Jul 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-31 21:15

Updated : 2024-08-15 13:02


NVD link : CVE-2024-40464

Mitre link : CVE-2024-40464

CVE.ORG link : CVE-2024-40464


JSON object : View

Products Affected

beego

  • beego
CWE
CWE-295

Improper Certificate Validation

CWE-599

Missing Validation of OpenSSL Certificate