CVE-2017-16762 — Path Traversal in Project Sanic

Severity

7.5HIGHNVD

EPSS

0.3%

top 47.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 10

Latest updateMay 17

Description

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

OSV

Sanic arbitrary file read and directory traversal↗2022-05-17

▶

GHSA

Sanic arbitrary file read and directory traversal↗2022-05-17

▶

OSV

CVE-2017-16762: Sanic before 0↗2017-11-10

▶

Bugzilla

CVE-2017-16762 python-sanic: sanic: Directory traversal in def _handler function sanic/sanic/static.py [fedora-all]↗2017-11-22

▶

Bugzilla

CVE-2017-16762 sanic: Directory traversal in def _handler function sanic/sanic/static.py↗2017-11-22

▶