CVE-2020-36565 – github.com/labstack/echo/v4
Package
Manager: go
Name: github.com/labstack/echo/v4
Vulnerable Version: >=0 <4.2.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00751 (percentile 0.72248)
Details
Echo vulnerable to directory traversal
Due to improper sanitization of user input on Windows, the static file handler allows directory traversal: an attacker can read files outside the target directory, provided the server has permission to read them.
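An added example, not code from Echo or from this advisory: a Go path check for a static file handler that rejects traversal regardless of the host OS, shown beside a sanitizer that only understands "/". It assumes the Windows-specific gap is the backslash separator, which the advisory does not spell out; `naiveClean`, `safeRel` and `ErrTraversal` are hypothetical names, and the request paths are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrTraversal is a hypothetical sentinel error for this example.
var ErrTraversal = errors.New("request path escapes static root")

// naiveClean models a sanitizer that treats only "/" as a separator.
// A `..\` segment passes through untouched, and Windows file APIs
// would later interpret the backslash as a directory separator.
func naiveClean(reqPath string) string {
	return path.Clean("/" + reqPath)
}

// safeRel returns a slash-separated path that stays under the static
// root, or ErrTraversal. It behaves the same on every OS.
func safeRel(reqPath string) (string, error) {
	// NUL bytes and ":" (drive letters, alternate data streams) have no
	// place in a static asset path.
	if strings.ContainsAny(reqPath, "\x00:") {
		return "", ErrTraversal
	}
	// Treat "\" as a separator before any cleaning takes place.
	normalized := strings.ReplaceAll(reqPath, `\`, "/")
	for _, seg := range strings.Split(normalized, "/") {
		if seg == ".." {
			return "", ErrTraversal
		}
	}
	return strings.TrimPrefix(path.Clean("/"+normalized), "/"), nil
}

func main() {
	// Constructed sample request paths.
	samples := []string{"./css//site.css", `..\..\secret.txt`, `img\..\..\secret.txt`}
	for _, p := range samples {
		rel, err := safeRel(p)
		fmt.Printf("%q naive=%q safe=%q err=%v\n", p, naiveClean(p), rel, err)
	}
}
```

The returned relative path is meant to be joined to the static root by the caller; rejecting `..` outright, rather than clamping it, also makes probing attempts visible in error logs.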
Metadata
Created: 2022-12-07T18:30:26Z
Modified: 2022-12-12T20:48:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-j453-hm5x-c46w/GHSA-j453-hm5x-c46w.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-j453-hm5x-c46w
Finding: F063
Auto approve: 1