CVE-2022-40083: URL Redirection to Untrusted Site ('Open Redirect')

September 29, 2022 (updated September 30, 2022)

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).

References

github.com/advisories/GHSA-crxj-hrmp-4rwf
github.com/labstack/echo/issues/2259
github.com/labstack/echo/pull/2260
github.com/labstack/echo/releases/tag/v4.9.0
nvd.nist.gov/vuln/detail/CVE-2022-40083

Code Behaviors & Features

Detect and mitigate CVE-2022-40083 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →