reports/GO-2021-0051.yaml - vulndb - Git at Google

 module: github.com/labstack/echo/v4
 versions:
   - fixed: v4.1.18-0.20201215153152-4422e3b66b9f
 description: |
   Due to improper sanitization of user input on Windows, the static file handler
   allows for directory traversal, allowing an attacker to read files outside of
   the target directory that the server has permission to read.
 credit: "@little-cui (Apache ServiceComb)"
 symbols:
   - common.static
 os:
   - windows
 links:
   pr: https://github.com/labstack/echo/pull/1718
   commit: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
	module: github.com/labstack/echo/v4
	versions:
	- fixed: v4.1.18-0.20201215153152-4422e3b66b9f
	description: \|
	Due to improper sanitization of user input on Windows, the static file handler
	allows for directory traversal, allowing an attacker to read files outside of
	the target directory that the server has permission to read.
	credit: "@little-cui (Apache ServiceComb)"
	symbols:
	- common.static
	os:
	- windows
	links:
	pr: https://github.com/labstack/echo/pull/1718
	commit: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa