CVE-2020-36565: Echo vulnerable to directory traversal

December 7, 2022

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

References

github.com/advisories/GHSA-j453-hm5x-c46w
github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
github.com/labstack/echo/pull/1718
nvd.nist.gov/vuln/detail/CVE-2020-36565
pkg.go.dev/vuln/GO-2021-0051

Code Behaviors & Features

Detect and mitigate CVE-2020-36565 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →