Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jcnhqLWhybXAtNHJ3Zs4AAvG8
Labstack Echo Open Redirect vulnerability
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue.
Permalink: https://github.com/advisories/GHSA-crxj-hrmp-4rwf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcnhqLWhybXAtNHJ3Zs4AAvG8
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: 8 months ago
CVSS Score: 9.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Identifiers: GHSA-crxj-hrmp-4rwf, CVE-2022-40083
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-40083
- https://github.com/labstack/echo/issues/2259
- https://github.com/labstack/echo/pull/2260
- https://github.com/labstack/echo/releases/tag/v4.9.0
- https://pkg.go.dev/vuln/GO-2022-1031
- https://github.com/labstack/echo/pull/2260/commits/3154abd1401554fe4d1c09ec550506d8625fc042
- https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1
- https://github.com/advisories/GHSA-crxj-hrmp-4rwf
Blast Radius: 41.3
Affected Packages
go:github.com/labstack/echo/v4
Dependent packages: 5,814
Dependent repositories: 17,976
Downloads:
Affected Version Ranges: < 4.9.0
Fixed in: 4.9.0
All affected versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.7.0, 4.7.1, 4.7.2, 4.8.0
All unaffected versions: 4.9.0, 4.9.1, 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4