Home > Vulnerability Database > CVE-2020-36565

Mend.io Vulnerability Database

CVE-2020-36565

Good to know:

Date: December 7, 2022

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Language: Go

Severity Score

5.3

Related Resources (6)

Url: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa

Url: https://github.com/labstack/echo

Url: https://pkg.go.dev/vuln/GO-2021-0051

Url: https://github.com/labstack/echo/pull/1718

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36565

Url: https://www.mend.io/vulnerability-database/CVE-2020-36565

Severity Score

5.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version github.com/labstack/echo/v4 - v4.2.0;github.com/labstack/echo/v4 - v4.1.18-0.20201215153152-4422e3b66b9f

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36565

Good to know:

Date: December 7, 2022

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?