-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability was explicitly patched in StaticDirectoryHandler via the addition of sanitizeURI() to clean redirect paths. The commit diff shows critical changes to the redirect logic in echo_fs.go where Location headers were previously unsanitized. Static handler registration functions (Echo.Static/Echo.StaticFS) directly utilized this vulnerable handler. The CVE description and patch message both explicitly reference StaticDirectoryHandler as the root cause, with e.Static/e.StaticFs being primary exposure vectors.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/labstack/echo/v4 | go | < 4.9.0 | 4.9.0 |
GoGoOngoing coverage of React2Shell