CVE-2022-31259

critical

Description

The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).

References

https://github.com/beego/beego/tree/v2.0.2

https://github.com/beego/beego/issues/4946

https://github.com/advisories/GHSA-qx32-f6g6-fcfr

https://beego.vip

Details

Source: Mitre, NVD

Published: 2022-05-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.21573

Detections

Analytics