2 matches found
Directory traversal
Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...
CVE-2022-35920
CVE-2022-35920 affects Sanic, a Python web framework. Affected versions allow access to lateral directories when using app.static with encoded %2F URLs; parent directory traversal is not impacted. Root cause: improper handling/escaping of encoded path separators in static file handling. Practical...