CVE-2022-40083

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).

CVSS v3.0 9.6 CRITICAL

9.6^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/labstack/echo/issues/2259	Exploit Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:labstack:echo:4.8.0:*:*:*:*:*:*:*

Information

Published : 2022-09-28 07:15

Updated : 2022-09-29 12:04

NVD link : CVE-2022-40083

Mitre link : CVE-2022-40083

JSON object : View

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Products Affected

labstack

echo

9.6 /10