Security Advisories for github.com/lin-snow/ech0 in go
High
23 days ago
ech0's access tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
go
github.com/lin-snow/Ech0
High
23 days ago
Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft
go
github.com/lin-snow/Ech0
High
23 days ago
Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo
go
github.com/lin-snow/ech0
Moderate
23 days ago
Ech0 allows unauthenticated PUT /api/echo/like/:id: anonymous callers can modify any echo's fav_count
go
github.com/lin-snow/Ech0
Moderate
23 days ago
Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation
go
github.com/lin-snow/ech0
Moderate
23 days ago
Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers
go
github.com/lin-snow/Ech0
Moderate
23 days ago
Ech0 comment model's Email field returned on public /api/comments endpoints
go
github.com/lin-snow/Ech0
Moderate
about 2 months ago
Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload
go
github.com/lin-snow/ech0
Moderate
about 2 months ago
Ech0 has SSRF via DNS Resolution Bypass in Webhook URL Validation
go
github.com/lin-snow/ech0
Moderate
about 2 months ago
Ech0's Missing Authorization on System Logs Allows Non-Admin Information Disclosure
go
github.com/lin-snow/ech0
Moderate
about 2 months ago
Ech0 Comment Panel Endpoints Missing RequireScopes Middleware — Scoped Access Token Bypass
go
github.com/lin-snow/ech0
Moderate
about 2 months ago
Ech0 Scope Bypass: profile:read Access Token Can Change Admin Password and Escalate to Unrestricted Session
go
github.com/lin-snow/ech0
Moderate
about 2 months ago
Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access sensitive system logs
go
github.com/lin-snow/ech0
High
about 2 months ago
Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export
go
github.com/lin-snow/ech0
High
about 2 months ago
Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
go
github.com/lin-snow/ech0
High
about 2 months ago
Ech0 has Unauthenticated Server-Side Request Forgery in Website Preview Feature
go
github.com/lin-snow/ech0
Moderate
2 months ago
Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint
go
github.com/lin-snow/ech0