Security: github.com/labstack/echo/v4

Open andig opened this issue 3 years ago • 1 comments

CVE-2022-40083

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue.

See https://github.com/labstack/echo/releases/tag/v4.9.0

andig, Oct 04 '22 12:10

This is actually closed in https://github.com/deepmap/oapi-codegen/commit/fc01aee157677c08511d5c86625c281e9fd47511; a release would probably be nice.

andig, Oct 05 '22 09:10

A release would be helpful to resolve the vulnerability.

eepurichandra, Oct 14 '22 10:10

@deepmap-marcinr @jamietanna I suggest that this can be closed since release v1.12.0 fixed the issue.

leejuyuu, Apr 28 '23 02:04