Filtered by vendor Sanic Project
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35920 | 1 Sanic Project | 1 Sanic | 2024-02-28 | N/A | 7.5 HIGH |
Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue. | |||||
CVE-2017-16762 | 1 Sanic Project | 1 Sanic | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. |