Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
References
Link | Resource |
---|---|
https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa | Patch Third Party Advisory |
https://github.com/labstack/echo/pull/1718 | Exploit Patch Third Party Advisory |
https://pkg.go.dev/vuln/GO-2021-0051 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
12 Dec 2022, 15:18
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa - Patch, Third Party Advisory | |
References | (MISC) https://pkg.go.dev/vuln/GO-2021-0051 - Release Notes, Vendor Advisory | |
References | (MISC) https://github.com/labstack/echo/pull/1718 - Exploit, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:labstack:echo:*:*:*:*:*:go:*:* |
|
CWE | CWE-22 | |
First Time |
Microsoft windows
Microsoft Labstack echo Labstack |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
07 Dec 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-07 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2020-36565
Mitre link : CVE-2020-36565
CVE.ORG link : CVE-2020-36565
JSON object : View
Products Affected
microsoft
- windows
labstack
- echo
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')