CVE-2024-40464
EUVD-2024-241031.07.2024, 21:15
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go fileEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| beego | beego | 𝑥 < 2.2.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| beego | beego | 𝑥 ≤ 2.2.0 | ADP |
Common Weakness Enumeration
- CWE-295 - Improper Certificate ValidationThe software does not validate, or incorrectly validates, a certificate.
- CWE-599 - Missing Validation of OpenSSL CertificateThe software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.