4 matches found
GHSA-8CW9-5HMV-77W6 sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
Impact Access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Patches - v20.12.7 LTS - v21.12.2 LTS - v22.6.1 References https://github.com/sanic-org/sanic/issues/2478 https://github.com/sanic-org/sanic/pull/2495 For more...
PT-2022-23026
Name of the Vulnerable Software and Affected Versions Sanic versions prior to 20.12.7 Sanic versions prior to 21.12.2 Sanic versions prior to 22.6.1 Description The issue allows access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not...
Sanic 路径遍历漏洞
Sanic is a Python 3.7+ web server and web framework open sourced by the Sanic Community Organization. A path traversal vulnerability exists in versions of Sanic prior to 22.9, which stems from a failure to properly escape the %2F string. Affected versions of Sanic allow access to horizontal...
CVE-2021-25328
Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service DoS or possible code execution on the device...