CVE-2021-27117: Improper Link Resolution Before File Access ('Link Following')

April 6, 2022 (updated April 15, 2022)

An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.

References

github.com/advisories/GHSA-2v6v-q994-xvxx
github.com/beego/beego/issues/4484
nvd.nist.gov/vuln/detail/CVE-2021-27117

Detect and mitigate CVE-2021-27117 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →