CVE-2021-27117
Privilege escalation in beego
CVSS 3.1: 7.8 (HIGH)
EPSS: 0.16%
Description
beego is an open-source, high-performance web framework for the Go programming language. An issue in the function GetCPUProfile in file profile.go in beego through 2.0.2 allows attackers to launch symlink attacks locally.
How to fix CVE-2021-27117
To remediate CVE-2021-27117, upgrade the affected package to a fixed version below.
- Go/github.com/beego/beego—no fix listed
- —upgrade to 2.0.2 or later
Is CVE-2021-27117 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0
- >= 2.0.0, < 2.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |