CVE-2024-55885

Summary

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.

Affected Software

VendorProductVersion RangeStatus
beegobeego< 2.3.4affected

Weaknesses

  • CWE-328: CWE-328: Use of Weak Hash
  • CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References