modules:
  - module: github.com/labstack/echo/v4
    versions:
      - fixed: 4.9.0
    vulnerable_at: 4.8.0
    packages:
      - package: github.com/labstack/echo/v4
        symbols:
          - StaticDirectoryHandler
        derived_symbols:
          - Echo.Static
          - Echo.StaticFS
          - Group.Static
          - Group.StaticFS
description: |
  Labstack Echo contains an open redirect vulnerability via the Static
  Handler component. This vulnerability can be leveraged by attackers
  to cause a Server-Side Request Forgery (SSRF).
cves:
  - CVE-2022-40083
ghsas:
  - GHSA-crxj-hrmp-4rwf
references:
  - report: https://github.com/labstack/echo/issues/2259
  - fix: https://github.com/labstack/echo/pull/2260