5 matches found
ai-services (>=0.1.0 <=0.5.0rc12), circe-certic (>=0.0.37 <=0.0.40) +21 more potentially affected by CVE-2022-35920 via sanic (>=22.12.0 <=22.6.0)
sanic PYPI version =22.12.0, =0.1.0, =0.0.37, =0.1.4, =0.0.1, =0.1.127, =0.1.0b2, =0.1.0, =0.4.2, =0.1.7, =3.14.0, =3.8.0b1.dev2, =0.1.0, =2.0.0, =2.2.8 and more Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...
apthesaurus (=22.2.1), ax (=0.3.0) +2 more potentially affected by CVE-2022-35920 via sanic (>=21.12.0 <=21.12.1)
sanic PYPI version =21.12.0, =22.1.1, =21.1.5.4, =22.2.3 Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...
aclients (>=1.0.0b31 <=1.0.1b1), aiocqhttp-sanic (>=1.2.3 <=1.2.3rc1) +71 more potentially affected by unknown CVE via sanic (>=0.3.1 <=20.12.2)
sanic PYPI version =0.3.1, =1.0.0b31, =1.2.3, =0.1.0a6, =0.6.1, =0.39.0, =0.0.4, =0.8.0, =0.0.2, =0.0.2.8.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-7P79-6X2V-5H88...
HTTP Header Injection
sanic is vulnerable to HTTP header inject attacks. The vulnerability exists due to the lack of sanitization of the URL field, allowing arbitrary header injection...
Directory traversal
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...