GO-2026-5541
Ech0 allows unauthenticated PUT /api/echo/like/:id requests, letting anonymous callers modify any echo's fav_count in github.com/lin-snow/ech0
Affected packages
Go / github.com/lin-snow/ech0
Introduced in: 0
Fixed in: 1.4.8-0.20260503035905-cecc2c19b590
Fix: go get github.com/lin-snow/ech0@v1.4.8-0.20260503035905-cecc2c19b590