Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this...
8.3CVSS
7.5AI Score
0.001EPSS
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f...
7.5CVSS
7.4AI Score
0.004EPSS