Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-8cw9-5hmv-77w6: sanic vulnerable to Path Traversal

Impact

Access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted.

Patches

  • v20.12.7 (LTS)
  • v21.12.2 (LTS)
  • v22.6.1

References

https://github.com/sanic-org/sanic/issues/2478 https://github.com/sanic-org/sanic/pull/2495

For more information

If you have any questions or comments about this advisory:

ghsa
Open in Source
#git

sanic vulnerable to Path Traversal

High severity GitHub Reviewed Published Aug 6, 2022 in sanic-org/sanic • Updated Aug 6, 2022

Related news

CVE-2022-35920: Sanic static handler allows parent ".." directory traversal · Issue #2478 · sanic-org/sanic

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution
ghsa