Toptotuo

**Name of the Vulnerable Software and Affected Versions** beego versions through 2.0.2 **Description** An issue was discovered in the file profile.go, specifically in the `MemProf` function, which allows attackers to launch symlink attacks locally. This is due to the `MemProf` and `GetCPUProfile` functions not correctly checking whether the created file exists, enabling attackers to potentially escalate privileges. **Recommendations** For beego versions through 2.0.2, consider disabling the `MemProf` and `GetCPUProfile` functions as a temporary workaround until a patch is available. Restrict access to the profile.go file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** beego versions through 2.0.2 **Description** An issue was discovered in the file profile.go in the function GetCPUProfile, allowing attackers to launch symlink attacks locally. The issue affects beego, an open-source, high-performance web framework for the Go programming language. **Recommendations** For beego versions through 2.0.2, consider disabling the `GetCPUProfile` function in the profile.go file as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.