CVE-2022-40083 – github.com/labstack/echo/v4
Package
Manager: go
Name: github.com/labstack/echo/v4
Vulnerable Version: >=0 <4.9.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.73135 (percentile: 0.98743)
Details
Labstack Echo Open Redirect vulnerability

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue.
Metadata
Created: 2022-09-29T00:00:26Z
Modified: 2022-09-30T06:31:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-crxj-hrmp-4rwf/GHSA-crxj-hrmp-4rwf.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-crxj-hrmp-4rwf
Finding: F100
Auto approve: 1