CVE-2024-55885: Beego has Collision Hazards of MD5 in Cache Key Filenames

December 12, 2024 (updated December 18, 2024)

In the context of using MD5 to generate filenames for cache keys, there are significant collision hazards that need to be considered. MD5, or Message Digest Algorithm 5, is a widely known cryptographic hash function that produces a 128-bit hash value. However, MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks.

References

github.com/advisories/GHSA-9j3m-fr7q-jxfw
github.com/beego/beego
github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4
github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw
nvd.nist.gov/vuln/detail/CVE-2024-55885

Code Behaviors & Features

Detect and mitigate CVE-2024-55885 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →