6 matches found

vulnersOsv
added 2022/08/06 5:21 a.m., 1 view

apthesaurus (=22.2.1), ax (=0.3.0) +2 more potentially affected by CVE-2022-35920 via sanic (>=21.12.0 <=21.12.1)

sanic PYPI version =21.12.0, =22.1.1, =21.1.5.4, =22.2.3 Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...

CVSS 8.3 | AI score 7.1 | EPSS 0.00961
Exploits: 1
vulnersOsv
added 2022/08/06 5:21 a.m., 1 view

ai-services (>=0.1.0 <=0.5.0rc12), circe-certic (>=0.0.37 <=0.0.40) +21 more potentially affected by CVE-2022-35920 via sanic (>=22.12.0 <=22.6.0)

sanic PYPI version =22.12.0, =0.1.0, =0.0.37, =0.1.4, =0.0.1, =0.1.127, =0.1.0b2, =0.1.0, =0.4.2, =0.1.7, =3.14.0, =3.8.0b1.dev2, =0.1.0, =2.0.0, =2.2.8 and more Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...

CVSS 8.3 | AI score 7.2 | EPSS 0.00961
Exploits: 1
Circl
added 2022/08/02 2:17 a.m., 2 views

CVE-2022-35920

| creationtimestamp | type | source |
|---|---|---|
| 2022-08-02 02:17:19+00:00 | seen | https://t.me/cibsecurity/47393... |

CVSS 8.3 | AI score 7.7 | EPSS 0.00961
Exploits: 1 | References: 1
Vulnrichment
added 2022/08/01 9:35 p.m., 7 views

CVE-2022-35920 Improper Limitation of a Pathname to a Restricted Directory in sanic

Sanic is an open-source Python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

CVSS 8.3 | AI score 8.5 | EPSS 0.00961
Exploits: 1 | References: 3
Cvelist
added 2022/08/01 9:35 p.m., 26 views

CVE-2022-35920 Improper Limitation of a Pathname to a Restricted Directory in sanic

Sanic is an open-source Python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

CVSS 8.3 | AI score 8.5 | EPSS 0.00961
Exploits: 1 | References: 3
CVE
added 2022/08/01 9:35 p.m., 83 views

CVE-2022-35920

CVE-2022-35920 affects Sanic, a Python web framework. Affected versions allow access to lateral directories when using app.static with encoded %2F URLs; parent directory traversal is not impacted. Root cause: improper handling/escaping of encoded path separators in static file handling. Practical...

CVSS 8.3 | AI score 7.7 | EPSS 0.00961
Exploits: 1 | References: 3 | Affected Software: 1