Hertz · CVE-2022-40082
**Name of the Vulnerable Software and Affected Versions**
Hertz versions prior to 0.3.1
**Description**
Hertz contains a path traversal vulnerability in the `normalizePath` function. The root cause is improper path sanitization on Windows: when static files are served with the `Static` or `StaticFS` functions, a crafted request path can read files from outside the configured filesystem root. Non-Windows systems are not affected.
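A typical cause of this class of Windows-only traversal is a sanitizer that treats only `/` as a path separator, so `..\` segments survive cleaning while the Windows filesystem still honours them. The Go example below is added here to illustrate that failure mode and a defender-side fix; it is not Hertz's own code, and `naiveNormalize`, `hardenedNormalize` and `resolveUnderRoot` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

var ErrOutsideRoot = errors.New("request path escapes the static root")
// naiveNormalize (hypothetical) knows only "/" as a separator. path.Clean
// sees `..\..\secret.txt` as one element and leaves it intact; on Windows
// the filesystem then honours each "\" and the ".." segments take effect.
func naiveNormalize(req string) string {
	return path.Clean("/" + req)
}

// hardenedNormalize (hypothetical) folds "\" into "/" before cleaning and
// rejects a request that still climbs above the root instead of clamping it.
func hardenedNormalize(req string) (string, error) {
	p := strings.TrimPrefix(strings.ReplaceAll(req, "\\", "/"), "/")
	cleaned := path.Clean(p) // relative Clean keeps a leading ".." visible
	if cleaned == ".." || strings.HasPrefix(cleaned, "../") {
		return "", ErrOutsideRoot
	}
	return path.Clean("/" + cleaned), nil // "." becomes "/"
}

// resolveUnderRoot joins the normalized request onto root and re-checks
// containment as a last line of defence (slash-only path package, same on every OS).
func resolveUnderRoot(root, req string) (string, error) {
	rel, err := hardenedNormalize(req)
	if err != nil {
		return "", err
	}
	root = path.Clean(root)
	full := path.Join(root, rel)
	if full != root && !strings.HasPrefix(full, root+"/") {
		return "", ErrOutsideRoot
	}
	return full, nil
}

func main() {
	// Constructed requests: one benign, one Windows-style traversal attempt.
	for _, req := range []string{`static\img\..\logo.png`, `..\..\secret.txt`} {
		full, err := resolveUnderRoot("/srv/www", req)
		fmt.Printf("%q naive=%q hardened=%q err=%v\n", req, naiveNormalize(req), full, err)
	}
}
```

Rejecting rather than silently clamping the traversal attempt also gives the request log a clear signal to alert on.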
**Recommendations**
For versions prior to 0.3.1, update to version 0.3.1 to resolve the issue.
As a temporary workaround, consider disabling the `normalizePath` function or restricting access to the `Static` and `StaticFS` functions until the update can be applied.