CVE-2021-27116: Improper Link Resolution Before File Access ('Link Following')

April 6, 2022 (updated April 12, 2022)

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.

References

github.com/advisories/GHSA-ffjp-66mx-3qpj
github.com/beego/beego/issues/4484
nvd.nist.gov/vuln/detail/CVE-2021-27116

Detect and mitigate CVE-2021-27116 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →