GO-2021-0051

Source
https://pkg.go.dev/vuln/GO-2021-0051
Import Source
https://vuln.go.dev/ID/GO-2021-0051.json
Aliases
Published
2021-04-14T20:04:52Z
Modified
2023-11-08T04:03:47.726196Z
Details

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

References

Affected packages

Go / github.com/labstack/echo/v4

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
4.1.18-0.20201215153152-4422e3b66b9f

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/labstack/echo/v4",
            "symbols": [
                "Echo.Static",
                "Group.Static",
                "common.static"
            ],
            "goos": [
                "windows"
            ]
        }
    ]
}