CVE-2021-30080
Access control bypass via incorrect route lookup in github.com/beego/beego and beego/v2
EPSS 0.43%
Description
An issue was discovered in the route lookup process in beego which allows attackers to bypass access control.
How to fix CVE-2021-30080
To remediate CVE-2021-30080, upgrade the affected package to a fixed version listed below.
- Go/github.com/astaxie/beego—no fix listed
- Go/github.com/beego/beego—no fix listed
- Go/github.com/beego/beego—no fix listed
- Go/github.com/beego/beego/v2—upgrade to 2.0.3 or later
- —upgrade to 2.0.3 or later
Is CVE-2021-30080 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0
- from 0, <= 1.12.11
- from 0
- >= 2.0.0, < 2.0.3
- >= 2.0.0, < 2.0.3