This is a circumstantial authentication bypass vulnerability for the Beego framework. This was initially reported in May, and after multiple follow-ups to the maintainers with no response, we have made the details public following a 90 day disclosure period.

New blog post: New Method to Leverage Unsafe Reflection and Deserialisation and gain RCE on Rails www.elttam.com/blog/rails-s...