An issue was discovered in file profile.go. The MemProf and GetCPUProfile functions do not correctly check whether the created file exists. As a result attackers can launch attacks symlink attacks locally. Attackers can use this vulnerability to escalate privileges.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/beego/beego/v2 | lt | 2.0.2 | |
github.com/beego/beego/v2 | ge | 2.0.0 |