Safety vulnerability ID: 50438
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Sanic 22.6.1, 21.12.2 and 20.12.7 include a fix for CVE-2022-35920: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6
Latest version: 23.12.1
A web server and web framework that's written to go fast. Build fast. Run fast.
Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral directories when `app.static` is used and the request URL contains an encoded `%2F`. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue. See CVE-2022-35920.
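An added example, not part of the original entry and not code from Sanic or Safety: a check of `sanic==` pins in a requirements file against the three fixed releases named above. It assumes each older fixed release is a patch release on its own `major.minor` branch, so any other pin below 22.6.1 is reported as lacking the fix; the sample requirements text is constructed.

```python
import re

# Fixed releases named in this entry for CVE-2022-35920.
FIXED = [(20, 12, 7), (21, 12, 2), (22, 6, 1)]

# Only exact pins ("sanic==X.Y.Z") are handled; ranges and extras are out of scope.
PIN = re.compile(r"^\s*sanic\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:#.*)?$", re.I)

# Constructed sample input, not taken from any real project.
SAMPLE = "# constructed sample\naiofiles==0.8.0\nsanic==21.12.1  # pinned\n"


def parse(version):
    """Turn '21.12.2' into (21, 12, 2), padding or trimming to three fields."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def includes_fix(version):
    """True if the pinned version is at or past a fixed release."""
    v = parse(version)
    if v >= max(FIXED):
        return True
    # Assumption: 20.12.7 and 21.12.2 are patch releases on their own
    # major.minor branch, so they only cover later releases on that branch.
    return any(v[:2] == f[:2] and v >= f for f in FIXED)


def audit(requirements_text):
    """Return (line number, version) for each sanic pin without the fix."""
    findings = []
    for n, line in enumerate(requirements_text.splitlines(), 1):
        m = PIN.match(line)
        if m and not includes_fix(m.group(1)):
            findings.append((n, m.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, version in audit(SAMPLE):
        print(f"line {line_no}: sanic {version} lacks the CVE-2022-35920 fix")
```
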
CONFIRM: https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6
MISC: https://github.com/sanic-org/sanic/issues/2478
MISC: https://github.com/sanic-org/sanic/pull/2495