Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-36565

Опубликовано: 07 дек. 2022
Источник: debian

Описание

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-github-labstack-echonot-affectedpackage
golang-github-labstack-echo.v2not-affectedpackage
golang-github-labstack-echo.v3not-affectedpackage

Примечания

  • https://github.com/labstack/echo/pull/1718

  • https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa

  • https://pkg.go.dev/vuln/GO-2021-0051

Связанные уязвимости

ubuntu логотип

CVE-2020-36565

CVSS3: 5.3
ubuntu
около 3 лет назад

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

nvd логотип

CVE-2020-36565

CVSS3: 5.3
nvd
около 3 лет назад

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

github логотип

GHSA-j453-hm5x-c46w

CVSS3: 5.3
github
около 3 лет назад

Echo vulnerable to directory traversal