CVE-2022-40083
Open redirect in github.com/labstack/echo/v4
9.6
CRITICAL
CVSS 3.1
EPSS 58.8%
Description
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
How to fix CVE-2022-40083
To remediate CVE-2022-40083, upgrade the affected package to a fixed version below.
- Debian/golang-github-labstack-echo—no fix listed
- —upgrade to 4.9.0 or later
- —upgrade to 4.9.0 or later
Is CVE-2022-40083 being exploited?
Likely — EPSS is 58.8%, placing CVE-2022-40083 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- from 0
- from 0, < 4.9.0
- from 0, < 4.9.0
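The fix and affected-range sections above reduce to one check: is the resolved `github.com/labstack/echo/v4` version below v4.9.0? The Go program below, an added example that is not part of this advisory and not code from the Echo project, parses constructed go.mod text and reports any requirement of that module inside the affected range `from 0, < 4.9.0`. It treats pre-release versions of v4.9.0 (such as `v4.9.0-rc1`) and pseudo-versions (`v0.0.0-...`) as still affected, since both sort before the fixed release; the go.mod content, the `semver` type and the function names are assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module and fixed version as stated in the advisory (CVE-2022-40083).
const (
	vulnerableModule = "github.com/labstack/echo/v4"
	fixedVersion     = "v4.9.0"
)

// semver holds the numeric part of a vMAJOR.MINOR.PATCH version and whether a
// pre-release suffix ("-rc1", or the timestamp of a pseudo-version) was present.
type semver struct {
	parts      [3]int
	prerelease bool
}

// parseSemver accepts strings such as "v4.8.0", "v4.9.0-rc1",
// "v0.0.0-20220101000000-abcdef123456" and "v1.2.3+incompatible".
func parseSemver(v string) (semver, bool) {
	var out semver
	v = strings.TrimPrefix(v, "v")
	if i := strings.Index(v, "+"); i >= 0 { // build metadata does not affect ordering
		v = v[:i]
	}
	if i := strings.Index(v, "-"); i >= 0 { // pre-release sorts before the release
		out.prerelease = true
		v = v[:i]
	}
	fields := strings.Split(v, ".")
	if len(fields) != 3 {
		return out, false
	}
	for i, f := range fields {
		n, err := strconv.Atoi(f)
		if err != nil || n < 0 {
			return out, false
		}
		out.parts[i] = n
	}
	return out, true
}

// compareParts returns -1, 0 or 1 for a < b, a == b, a > b.
func compareParts(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// IsAffected reports whether a module version lies in the range "from 0, < 4.9.0".
// Versions that cannot be parsed are flagged so they get reviewed rather than ignored.
func IsAffected(version string) bool {
	v, ok := parseSemver(version)
	if !ok {
		return true
	}
	fixed, _ := parseSemver(fixedVersion)
	switch compareParts(v.parts, fixed.parts) {
	case -1:
		return true
	case 0:
		return v.prerelease // v4.9.0-rc1 is older than v4.9.0
	default:
		return false
	}
}

// ScanGoMod returns the versions of the vulnerable module required by the given
// go.mod text that fall inside the affected range. Handles both single-line
// "require m v" and block-style "require ( ... )" entries; "// indirect" is ignored.
func ScanGoMod(gomod string) []string {
	var findings []string
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		line = strings.TrimPrefix(line, "require ")
		fields := strings.Fields(line)
		if len(fields) != 2 || fields[0] != vulnerableModule {
			continue
		}
		if IsAffected(fields[1]) {
			findings = append(findings, fields[1])
		}
	}
	return findings
}

// sampleGoMod is constructed input for the example, not a real project's file.
const sampleGoMod = `module example.com/app

go 1.19

require (
	github.com/labstack/echo/v4 v4.8.0
	github.com/labstack/gommon v0.3.1 // indirect
)
`

func main() {
	for _, v := range ScanGoMod(sampleGoMod) {
		fmt.Printf("%s %s is affected by CVE-2022-40083; upgrade to %s or later\n",
			vulnerableModule, v, fixedVersion)
	}
}
```

A go.mod file only lists direct requirements; the version actually built is chosen by Go's minimal version selection across all dependencies, so for a real audit feed this check the output of `go list -m all` (or run `govulncheck`) instead of the main module's go.mod alone.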
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |