VYPR

PyPI package

sanic

pkg:pypi/sanic

Vulnerabilities (2)

  • CVE-2022-35920 (High, Aug 1, 2022)
    affected >= 22.0.0, < 22.6.1; fixed 22.6.1

    Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this

  • CVE-2017-16762 (High, Nov 10, 2017)
    affected < 0.5.1; fixed 0.5.1

    Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.