Vulnerabilities (CVE)

Filtered by vendor Sanic Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35920 1 Sanic Project 1 Sanic 2024-02-28 N/A 7.5 HIGH
Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
CVE-2017-16762 1 Sanic Project 1 Sanic 2024-02-28 5.0 MEDIUM 7.5 HIGH
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.