Please check whether the CVE-2024-40465 vulnerability has been fixed. #5694

Closed
warlooy opened this issue Aug 17, 2024 · 2 comments

Comments

@warlooy

warlooy commented Aug 17, 2024

  1. What did you do?
    I see on the NVD website that the CVE-2024-40465 vulnerability has been fixed in beego v2.2.1.

Reference: GHSA-6g9p-wv47-4fxq

However, the (8f89e12) patch does not contain the affected components client/cache/file.go and core/logs/alils/request.go.

According to the details.pdf in GHSA-6g9p-wv47-4fxq, CVE-2024-40465 is more of an "md5 is insecure" issue. And it still uses md5.
I'm a little confused, please help confirm whether the CVE-2024-40465 vulnerability has been fixed in beego v2.2.1.

  2. What did you expect to see?
    Please help confirm whether the CVE-2024-40465 vulnerability has been fixed in beego v2.2.1.

@flycash
Collaborator

flycash commented Aug 17, 2024

no need to fix it

@warlooy
Author

warlooy commented Aug 21, 2024

@flycash ok, thanks
