CVE-2020-36565

Опубликовано: 07 дек. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Ссылки

https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
Patch
Third Party Advisory
https://github.com/labstack/echo/pull/1718
Exploit
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2021-0051
Release Notes
Vendor Advisory
https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
Patch
Third Party Advisory
https://github.com/labstack/echo/pull/1718
Exploit
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2021-0051
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:labstack:echo:*:*:*:*:*:go:*:*

Версия до 4.2.0 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00399

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-36565

CVSS3: 5.3

ubuntu

около 3 лет назад

CVE-2020-36565

CVSS3: 5.3

debian

около 3 лет назад

Due to improper sanitization of user input on Windows, the static file ...

GHSA-j453-hm5x-c46w

CVSS3: 5.3

github

около 3 лет назад

Echo vulnerable to directory traversal

EPSS

Процентиль: 60%

0.00399

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22