Home > Vulnerability Database > CVE-2024-55885

Mend.io Vulnerability Database

CVE-2024-55885

Good to know:

Date: December 12, 2024

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256.

Language: Go

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55885

Url: https://github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw

Url: https://github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4

Url: https://github.com/beego/beego

Url: https://www.mend.io/vulnerability-database/CVE-2024-55885

Severity Score

7.5

Weakness Type (CWE)

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

Use of Weak Hash

CWE-328

Top Fix

Upgrade Version

Upgrade to version github.com/beego/beego/v2 - v2.3.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55885

Good to know:

Date: December 12, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?