VYPR
Vendor

GitHub.com/labstack/echo/v4

Products
2
CVEs
2
Across products
2
Status
Private

Products

2

Recent CVEs

2
  • CVE-2026-55677Jun 27, 2026
    risk 0.00cvss epss 0.00

    Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path (preserving %2F as-is), while StaticDirectoryHandler unescapes %2F to / before resolving filesystem…

  • CVE-2020-36565Dec 7, 2022
    risk 0.00cvss epss 0.01

    Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.