Описание
Labstack Echo Open Redirect vulnerability
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-40083
- https://github.com/labstack/echo/issues/2259
- https://github.com/labstack/echo/pull/2260
- https://github.com/labstack/echo/pull/2260/commits/3154abd1401554fe4d1c09ec550506d8625fc042
- https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1
- https://github.com/labstack/echo/releases/tag/v4.9.0
- https://pkg.go.dev/vuln/GO-2022-1031
Пакеты
github.com/labstack/echo/v4
< 4.9.0
4.9.0
Связанные уязвимости
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
Labstack Echo v4.8.0 was discovered to contain an open redirect vulner ...
Уязвимость компонента Static Handler веб-фреймворка для создания масштабируемых и высокопроизводительных веб-приложений Echo, позволяющая нарушителю осуществить SSRF-атаку