Sanic Project Sanic vulnerabilities
2 known vulnerabilities affecting sanic_project/sanic.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2022-35920 | HIGH | CVSS 7.5 | CWE-22 | fixed in 20.12.7 | ≥ 21.0.0, < 21.12.2 | +1 more | 2022-08-01
Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
ghsa | nvd | osv
CVE-2017-16762 | HIGH | CVSS 7.5 | CWE-22 | ≤ 0.5.0 | 2017-11-10
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
ghsa | nvd | osv