CVE-2020-36565 Vulnerability Details

  /     /     /  

CVE-2020-36565 Metadata Quick Info

CVE Published: 07/12/2022 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: Go | Vendor: github.com/labstack/echo/v4 | Product: github.com/labstack/echo/v4
Status : PUBLISHED

---

CVE-2020-36565 Description

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE 22: Improper Limitation of a Pathname to a Restricted Directory ( Path Traversal )
Source: github.com/labstack/echo/v4

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).