Web Cache Poisoning Affecting github.com/labstack/echo/v4 package, versions <4.2.0
- Snyk ID SNYK-GOLANG-GITHUBCOMLABSTACKECHOV4-1083987
- published 18 Feb 2021
- disclosed 27 Dec 2020
- credit aldas
How to fix?
Upgrade github.com/labstack/echo/v4 to version 4.2.0 or higher.
Overview
Affected versions of this package are vulnerable to Web Cache Poisoning. It is possible to inject field values from query parameters into the body of a POST request.
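The binding pattern behind this class of issue, shown next to a stricter form, as an added example that is not code from the advisory or from the echo project. It uses only the Go standard library; the `Transfer` type, the `/transfer` route, the field names and the GET/DELETE policy in the stricter binder are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Transfer is a hypothetical payload type used only for this illustration.
type Transfer struct {
	To     string `json:"to"`
	Amount string `json:"amount"`
}

// bindMerged models the risky pattern: query parameters are copied into the
// struct for every method, then the body is decoded on top. Any field the
// body omits keeps the value taken from the URL.
func bindMerged(r *http.Request) (Transfer, error) {
	q := r.URL.Query()
	t := Transfer{To: q.Get("to"), Amount: q.Get("amount")}
	err := json.NewDecoder(r.Body).Decode(&t)
	return t, err
}

// bindBodyOnly is a stricter form (assumed policy): query parameters are read
// for GET and DELETE only; every other method is bound from the body alone.
func bindBodyOnly(r *http.Request) (Transfer, error) {
	var t Transfer
	if r.Method == http.MethodGet || r.Method == http.MethodDelete {
		q := r.URL.Query()
		t.To, t.Amount = q.Get("to"), q.Get("amount")
		return t, nil
	}
	err := json.NewDecoder(r.Body).Decode(&t)
	return t, err
}

// sampleRequest builds a constructed POST whose body omits "amount" while the
// URL supplies it.
func sampleRequest() *http.Request {
	return httptest.NewRequest(http.MethodPost, "/transfer?amount=999",
		strings.NewReader(`{"to":"alice"}`))
}

func main() {
	merged, _ := bindMerged(sampleRequest())
	strict, _ := bindBodyOnly(sampleRequest())
	fmt.Printf("merged: %+v\nbody-only: %+v\n", merged, strict)
}
```

A regression test for a handler can use the same shape of request: send a POST with a field present only in the query string and assert that the bound struct leaves that field empty.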