CVE-2019-16354: Incorrect Permission Assignment for Critical Resource

(updated )

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.

References

Detect and mitigate CVE-2019-16354 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →