漏洞描述
echo是LabStack LLC开源的一个高性能、极简的Go web 框架。LabStack LLC echo v4.8.0 版本存在安全漏洞,该漏洞源于Static Handler 组件存在开放重定向问题,可能导致服务器端请求伪造(SSRF)。
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).
漏洞建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/labstack/echo/issues/2259
漏洞复现: