V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2022-40083
DEB
Critical

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be l…

CVSS
9.6
Critical
EPSS
0.02
p81
Published
2022-01-01
Updated
2022-01-01
Description

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).

Tags · CWE
Pre-authOpen redirect
CWE-601
CAPEC-178
Affected products
Golang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echoGolang-github-labstack-echo.v2Golang-github-labstack-echo.v2Golang-github-labstack-echo.v2Golang-github-labstack-echo.v2Golang-github-labstack-echo.v2Golang-github-labstack-echo.v2Golang-github-labstack-echo.v3Golang-github-labstack-echo.v3Golang-github-labstack-echo.v3Golang-github-labstack-echo.v3Golang-github-labstack-echo.v3
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: R
Required (R)
Scope
S: C
Changed (C)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.023 · p81
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Golang-github-labstack-echoGolang-github-labstack-echo.v2Golang-github-labstack-echo.v3
Canonical
Golang-github-labstack-echoGolang-github-labstack-echo.v2Golang-github-labstack-echo.v3Golang-github-labstack-gommon
Labstack
Echo
ProductVendorStatus
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echoTracked
golang-github-labstack-echo.v2Tracked
golang-github-labstack-echo.v2Tracked
golang-github-labstack-echo.v2Tracked
golang-github-labstack-echo.v2Tracked
golang-github-labstack-echo.v2Tracked
golang-github-labstack-echo.v2Tracked
golang-github-labstack-echo.v3Tracked
golang-github-labstack-echo.v3Tracked
golang-github-labstack-echo.v3Tracked
golang-github-labstack-echo.v3Tracked
golang-github-labstack-echo.v3Tracked
Showing first 20 of 31
Source databases
DEB
CVE
UBU
Related vulnerabilities
BDU:2023-08980