Vulnerability CVE-2022-35920


Published: 2022-08-01   Modified: 2022-08-02

Description:
Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral (sibling) directories when serving files with `app.static` if the request uses encoded `%2F` path separators. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
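
As an added illustration of the defect class described above (this is constructed example code, not Sanic's vulnerable or fixed implementation), a check that inspects the raw URL path is shown beside a decode-then-resolve containment check; the mount directory `/srv/app/static/one` and the request paths are made up for the demonstration:

```python
from pathlib import Path
from urllib.parse import unquote


def naive_segment_check(request_path: str) -> bool:
    """Constructed illustration of a check that inspects the raw URL path.

    It splits on literal '/' only, so an encoded separator such as '%2F'
    keeps '..%2F' inside a single segment and no '..' segment is ever seen.
    This is the weak pattern, not Sanic's actual code.
    """
    return ".." not in request_path.split("/")


def resolve_static_path(static_root: str, request_path: str):
    """Map a URL path under a static mount to a file inside static_root.

    Returns the resolved filesystem Path, or None when the request would
    resolve outside the mount directory. Percent-decoding happens before
    the containment check, so '%2F' is treated as the separator it becomes.
    """
    root = Path(static_root).resolve()
    decoded = unquote(request_path)
    # NUL bytes and backslashes are never legitimate in a static file name.
    if "\x00" in decoded or "\\" in decoded:
        return None
    candidate = (root / decoded.lstrip("/")).resolve()
    # Accept only paths strictly inside the mount; the mount itself is a directory.
    if candidate == root or not candidate.is_relative_to(root):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed mount and request paths; nothing is read from disk.
    mount = "/srv/app/static/one"
    for req in ("css/site.css", "..%2Fsibling/secret.txt", "../sibling/secret.txt"):
        print(repr(req), "naive:", naive_segment_check(req),
              "resolved:", resolve_static_path(mount, req))
```

The raw-path check passes `..%2Fsibling/secret.txt`, while the decode-then-resolve check rejects it because the resolved path lands in the sibling directory, outside the mount.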

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

References:
https://github.com/sanic-org/sanic/issues/2478
https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6
https://github.com/sanic-org/sanic/pull/2495

Copyright 2022, cxsecurity.com
