UBUNTU-CVE-2020-36565

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-36565

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-36565.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-36565

Related

CVE-2020-36565

Published

2022-12-07T17:15:00Z

Modified

2024-10-15T14:07:52Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

References

Affected packages

Ubuntu:22.04:LTS / golang-github-labstack-echo

Package

Name: golang-github-labstack-echo
Purl: pkg:deb/ubuntu/golang-github-labstack-echo?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / golang-github-labstack-echo

Package

Name: golang-github-labstack-echo
Purl: pkg:deb/ubuntu/golang-github-labstack-echo?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.1-2

4.12.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-github-labstack-echo

Package

Name: golang-github-labstack-echo
Purl: pkg:deb/ubuntu/golang-github-labstack-echo?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}