data/reports/GO-2021-0051.yaml - vulndb - Git at Google

 modules:
   - module: github.com/labstack/echo/v4
     versions:
       - fixed: 4.1.18-0.20201215153152-4422e3b66b9f
     vulnerable_at: 4.1.17
     packages:
       - package: github.com/labstack/echo/v4
         goos:
           - windows
         symbols:
           - common.static
         derived_symbols:
           - Echo.Static
           - Group.Static
 description: |
     Due to improper sanitization of user input on Windows, the static file handler
     allows for directory traversal, allowing an attacker to read files outside of
     the target directory that the server has permission to read.
 published: 2021-04-14T20:04:52Z
 ghsas:
   - GHSA-j453-hm5x-c46w
 credit: '@little-cui (Apache ServiceComb)'
 references:
   - fix: https://github.com/labstack/echo/pull/1718
   - fix: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
 cve_metadata:
     id: CVE-2020-36565
     cwe: 'CWE 22: Improper Limitation of a Pathname to a Restricted Directory (''Path
         Traversal'')'
	modules:
	- module: github.com/labstack/echo/v4
	versions:
	- fixed: 4.1.18-0.20201215153152-4422e3b66b9f
	vulnerable_at: 4.1.17
	packages:
	- package: github.com/labstack/echo/v4
	goos:
	- windows
	symbols:
	- common.static
	derived_symbols:
	- Echo.Static
	- Group.Static
	description: \|
	Due to improper sanitization of user input on Windows, the static file handler
	allows for directory traversal, allowing an attacker to read files outside of
	the target directory that the server has permission to read.
	published: 2021-04-14T20:04:52Z
	ghsas:
	- GHSA-j453-hm5x-c46w
	credit: '@little-cui (Apache ServiceComb)'
	references:
	- fix: https://github.com/labstack/echo/pull/1718
	- fix: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
	cve_metadata:
	id: CVE-2020-36565
	cwe: 'CWE 22: Improper Limitation of a Pathname to a Restricted Directory (''Path
	Traversal'')'