3 matches found
CVE-2022-40083
Labstack Echo v4.8.0 contains an open redirect vulnerability via the Static Handler component that can be exploited to cause Server-Side Request Forgery (SSRF). Affected software: Labstack Echo 4.8.0. Root cause: open redirect in Static Handler allows redirection to arbitrary URLs, enabling SSRF....
CVE-2020-36565
CVE-2020-36565 is a directory traversal vulnerability in the static file handler of labstack/echo/v4 on Windows. The root cause is improper sanitization of user input, allowing an attacker to read files outside the target directory that the server has permission to...
CVE-2026-25766
The CVE-2026-25766 issue affects Echo (github.com/labstack/echo/v5) on Windows, where middleware.Static uses the default filesystem and path.Clean does not treat backslashes as separators. This lets an unauthenticated attacker read files outside the static root by crafting a path that includes se...