CVE-2024-55885

HIGH

Beego < 2.3.4 - Broken Cryptographic Algorithm

Title source: rule

Description

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.

References (2)

[Mitigation, Vendor Advisory] https://github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw

[Patch] https://github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-327 CWE-328

Status published

Products (3)

beego/beego < 2.3.4

beego/beego 0Go

beego/beego 0 - 2.3.4Go

Published Dec 12, 2024

Tracked Since Feb 18, 2026