PyPI package
sanic
pkg:pypi/sanic
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-35920 | High | 8.3 | | >= 22.0.0, < 22.6.1 | 22.6.1 | Aug 1, 2022 | Sanic is an open-source Python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this |
| CVE-2017-16762 | High | 7.5 | | < 0.5.1 | 0.5.1 | Nov 10, 2017 | Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. |