GHSA-j453-hm5x-c46w

Source

https://github.com/advisories/GHSA-j453-hm5x-c46w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-j453-hm5x-c46w/GHSA-j453-hm5x-c46w.json

Aliases

CVE-2020-36565
GO-2021-0051

Published

2022-12-07T18:30:26Z

Modified

2023-11-08T04:03:47.726196Z

Details

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36565
https://github.com/labstack/echo/pull/1718
https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
https://github.com/labstack/echo
https://pkg.go.dev/vuln/GO-2021-0051

Affected packages

Go / github.com/labstack/echo/v4

Package

Name: github.com/labstack/echo/v4

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

4.2.0