This is a circumstantial authentication bypass vulnerability for the Beego framework. This was initially reported in May, and after multiple follow-ups to the maintainers with no response, we have made the details public following a 90 day disclosure period.

New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails - elttamNew Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails - elttam elttam is a globally recognised, independent information security company, renowned for our advanced technical security assessments.

New blog post: New Method to Leverage Unsafe Reflection and Deserialisation and gain RCE on Rails www.elttam.com/blog/rails-s...