CVE-2024-40465
CVE Details
Visit the official vulnerability details page for CVE-2024-40465 to learn more.
Initial Publication
01/27/2025
Last Update
02/26/2025
Third Party Dependency
github.com/beego/beego/v2
NIST CVE Summary
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file
CVE Severity
Our Official Summary
This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.
Status
Ongoing
Affected Products & Versions
This CVE is non-impacting as the impacting symbol and/or function is not used in the product
Revision History
| Date | Revision |
|---|---|
| 02/26/2025 | Status changed from Open to Ongoing |
| 02/21/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 |
| 02/17/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22 to 4.5.20, 4.5.21, 4.5.22, 4.6.6 |
| 02/14/2025 | Impacted versions changed from 4.5.20, 4.5.21 to 4.5.20, 4.5.21, 4.5.22 |
| 02/05/2025 | Impacted versions changed from 4.5.20 to 4.5.20, 4.5.21 |