CVE-2022-40083
CRITICAL 9.6 | EPSS 58.8%
Labstack Echo Open Redirect vulnerability
Published: 2022/9/29 | Modified: 2023/11/8
Description
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue.
Affected packages (3)
- Debian / golang-github-labstack-echo: from 0
- Go / github.com/labstack/echo/v4: from 0, < 4.9.0
- Go / github.com/labstack/echo/v4: from 0, < 4.9.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-40083
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2022-40083
- PATCH: https://github.com/labstack/echo
- WEB: https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1
- WEB: https://github.com/labstack/echo/issues/2259
- WEB: https://github.com/labstack/echo/pull/2260
- WEB: https://github.com/labstack/echo/pull/2260/commits/3154abd1401554fe4d1c09ec550506d8625fc042
- WEB: https://github.com/labstack/echo/releases/tag/v4.9.0
- WEB: https://pkg.go.dev/vuln/GO-2022-1031