CVE-2020-36565

low-risk

Published 2022-12-07

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Echo

Affected Vendors

Labstack

References (6)

Patch https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa

Exploit https://github.com/labstack/echo/pull/1718

Release Notes https://pkg.go.dev/vuln/GO-2021-0051

Patch https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa

Exploit https://github.com/labstack/echo/pull/1718

Release Notes https://pkg.go.dev/vuln/GO-2021-0051

/ 100

low-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal