-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
Tags: labstack/echo
Tags
v5.0.3
Merge pull request #2891 from aldas/fix_staticmw
Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @shblue21.
This applies to cases when:
- Windows is used as OS
- `middleware.StaticConfig.Filesystem` is `nil` (default)
- `echo.Filesystem` is has not been set explicitly (default)
Exposure is restricted to the active process working directory and its subfolders.
Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @shblue21.
This applies to cases when:
- Windows is used as OS
- `middleware.StaticConfig.Filesystem` is `nil` (default)
- `echo.Filesystem` is has not been set explicitly (default)
Exposure is restricted to the active process working directory and its subfolders.
v4.13.3
Update golang.org/x/net dependency [GO-2024-3333](https://pkg.go.dev/...
...vuln/GO-2024-3333) (#2722)
...vuln/GO-2024-3333) (#2722)
PreviousNext