CVE-2020-36565

Summary

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Affected Software

VendorProductVersion RangeStatus
github.com/labstack/echo/v4github.com/labstack/echo/v40 < 4.1.18-0.20201215153152-4422e3b66b9faffected

Weaknesses

  • CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References