Description
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| golang-github-labstack-echo | fixed | 4.11.1-1 | | package |
| golang-github-labstack-echo | no-dsa | | bookworm | package |
| golang-github-labstack-echo.v2 | not-affected | | | package |
| golang-github-labstack-echo.v3 | not-affected | | | package |
Notes
https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1 (v4.9.0)
https://github.com/labstack/echo/issues/2259
Related vulnerabilities
A vulnerability in the Static Handler component of Echo, a web framework for building scalable, high-performance web applications, that allows an attacker to carry out an SSRF attack