CVE-2024-40464
31.07.2024, 21:15
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go fileEnginsight
| Vendor | Product | Version |
|---|---|---|
| beego | beego | 𝑥 < 2.2.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-295 - Improper Certificate ValidationThe software does not validate, or incorrectly validates, a certificate.
- CWE-599 - Missing Validation of OpenSSL CertificateThe software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.