CVE-2022-40083
CRITICAL 9.6, EPSS 58.8%
Open redirect in github.com/labstack/echo/v4
Published: 9/29/2022
Modified: 4/28/2026
Description
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
Affected packages (3)
- Debian/golang-github-labstack-echo from 0
- Go/github.com/labstack/echo/v4 from 0, < 4.9.0
- Go/github.com/labstack/echo/v4 from 0, < 4.9.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References (9)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-40083
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2022-40083
- PATCH https://github.com/labstack/echo
- WEB https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1
- WEB https://github.com/labstack/echo/issues/2259
- WEB https://github.com/labstack/echo/pull/2260
- WEB https://github.com/labstack/echo/pull/2260/commits/3154abd1401554fe4d1c09ec550506d8625fc042
- WEB https://github.com/labstack/echo/releases/tag/v4.9.0
- WEB https://pkg.go.dev/vuln/GO-2022-1031