CVE-2022-40083

{"id": "CVE-2022-40083", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2022-09-28T14:15:10.953", "references": [{"url": "https://github.com/labstack/echo/issues/2259", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF)."}, {"lang": "es", "value": "Se ha detectado que Labstack Echo versi\u00f3n v4.8.0, contiene una vulnerabilidad de redireccionamiento abierto por medio del componente Static Handler. Esta vulnerabilidad puede ser aprovechada por los atacantes para causar un ataque de tipo Server-Side Request Forgery (SSRF)"}], "lastModified": "2022-09-29T19:04:04.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:labstack:echo:4.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD2E366-5A4E-433B-BBAA-2269554D3608"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}