12 matches found
GO-2026-4502 Echo has a Windows path traversal via backslash in middleware.Static default filesystem in github.com/labstack/echo/v5
Echo has a Windows path traversal via backslash in middleware.Static default filesystem in github.com/labstack/echo/v5...
CVE-2026-25766
Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...
CVE-2026-25766 Echo has a Windows path traversal via backslash in middleware.Static default filesystem
Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...
CVE-2026-25766 Echo has a Windows path traversal via backslash in middleware.Static default filesystem
Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...
Echo 路径遍历漏洞
Echo is a set of open-source community systems developed by Veal98, where the front-end and back-end are not separated. Versions 5.0.0 to 5.0.2 of Echo have a path traversal vulnerability. This vulnerability arises from improper handling of backslashes by the middleware.Static on Windows systems,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static root, in the process's working directory and its subdirectories, with...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static root, in the process's working directory and its subdirectories, with...
GHSA-PGVM-WXW2-HRV9 Echo has a Windows path traversal via backslash in middleware.Static default filesystem
Summary On Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. Details In middleware/static.go, the requested path is unescaped and normalized with path.Clean URL semantics...
Echo has a Windows path traversal via backslash in middleware.Static default filesystem
Summary On Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. Details In middleware/static.go, the requested path is unescaped and normalized with path.Clean URL semantics...
Updated perl-Plack package fixes security vulnerability
Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...
CVE-2014-5269
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...
CVE-2014-5269
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...