PT-2024-36600 · Beego · Beego

Kexinoh · Published 2024-12-12 · Updated 2026-01-30 · CVE-2024-55885

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

beego versions prior to 2.3.4

Description

The issue concerns the use of MD5 as a hashing algorithm in beego, which is no longer considered secure due to its vulnerability to collision attacks. This vulnerability can lead to data integrity risks, security vulnerabilities, and unpredictable behavior in cache systems. A collision in hashing occurs when two different inputs produce the same hash output, allowing attackers to potentially exploit collisions and manipulate cache data.

Recommendations

For versions prior to 2.3.4, update to version 2.3.4 or later, which replaces MD5 with SHA256, a more secure hash function resistant to known attack vectors. As a temporary workaround, consider using a more secure hash function like SHA-256 in place of MD5 for hashing cache keys. Restrict access to sensitive cached information to minimize the risk of exploitation. Avoid using MD5 for generating filenames for cache keys until the issue is resolved.
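The workaround above, sketched as an added example (not beego's code and not taken from its fix): a file cache that derives file names from SHA-256 of the key. It goes one step beyond the recommendation by storing the key inside each entry and checking it on read, so a file name shared by two keys can never return the other key's data. The names `cachePath`, `put`, `get` and `ErrKeyMismatch` are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

var ErrKeyMismatch = errors.New("cache entry belongs to a different key") // hypothetical error

// cachePath maps a cache key to a file name using SHA-256 instead of MD5 (hypothetical helper).
func cachePath(dir, key string) string {
	name := fmt.Sprintf("%x", sha256.Sum256([]byte(key)))
	return filepath.Join(dir, name[:2], name+".bin")
}

// put writes a 4-byte key length, the key, then the value, so get can verify ownership.
func put(dir, key string, value []byte) error {
	p := cachePath(dir, key)
	if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
		return err
	}
	rec := append(binary.BigEndian.AppendUint32(nil, uint32(len(key))), key...)
	return os.WriteFile(p, append(rec, value...), 0o600)
}

// get returns the value only if the stored key equals the requested key.
func get(dir, key string) ([]byte, error) {
	rec, err := os.ReadFile(cachePath(dir, key))
	if err != nil {
		return nil, err
	}
	hdr := 4 + len(key)
	if len(rec) < hdr || binary.BigEndian.Uint32(rec) != uint32(len(key)) || string(rec[4:hdr]) != key {
		return nil, ErrKeyMismatch
	}
	return rec[hdr:], nil
}

func main() {
	dir, _ := os.MkdirTemp("", "cache") // constructed sample data below
	defer os.RemoveAll(dir)
	_ = put(dir, "user:1", []byte("alice"))
	v, err := get(dir, "user:1")
	fmt.Println(string(v), err)
}
```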

Exploit

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CLEANSTART-2026-BZ92766
CVE-2024-55885
GHSA-9J3M-FR7Q-JXFW
GO-2024-3331
OPENSUSE-SU-2024:14603-1

Affected Products

Beego