Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-GOLANG-GITHUBCOMLABSTACKECHOV4-1083987
- published 18 Feb 2021
- disclosed 27 Dec 2020
- credit aldas
How to fix?
github.com/labstack/echo/v4 to version 4.2.0 or higher.
Affected versions of this package are vulnerable to Web Cache Poisoning. It is possible to inject field values from query param to a POST method body.