EUVD-2017-0127

Malware in sbrugna...

EUVD-2022-6514

Malicious code in bioql PyPI...

CVE-2022-35920

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs

Impact Access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Patches - v20.12.7 LTS - v21.12.2 LTS - v22.6.1 References https://github.com/sanic-org/sanic/issues/2478 https://github.com/sanic-org/sanic/pull/2495 For more...

aclients (>=1.0.0b31 <=1.0.1b1), aiocqhttp-sanic (>=1.2.3 <=1.2.3rc1) +71 more potentially affected by CVE-2022-35920 via sanic (>=0.3.1 <=20.12.2)

sanic PYPI version =0.3.1, =1.0.0b31, =1.2.3, =0.1.0a6, =0.6.1, =0.39.0, =0.0.4, =0.8.0, =0.0.2, =0.0.2.8.5 and more Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...

ai-services (>=0.1.0 <=0.5.0rc12), circe-certic (>=0.0.37 <=0.0.40) +21 more potentially affected by CVE-2022-35920 via sanic (>=22.12.0 <=22.6.0)

sanic PYPI version =22.12.0, =0.1.0, =0.0.37, =0.1.4, =0.0.1, =0.1.127, =0.1.0b2, =0.1.0, =0.4.2, =0.1.7, =3.14.0, =3.8.0b1.dev2, =0.1.0, =2.0.0, =2.2.8 and more Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...

GHSA-8CW9-5HMV-77W6 sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs

Impact Access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Patches - v20.12.7 LTS - v21.12.2 LTS - v22.6.1 References https://github.com/sanic-org/sanic/issues/2478 https://github.com/sanic-org/sanic/pull/2495 For more...

apthesaurus (=22.2.1), ax (=0.3.0) +2 more potentially affected by CVE-2022-35920 via sanic (>=21.12.0 <=21.12.1)

sanic PYPI version =21.12.0, =22.1.1, =21.1.5.4, =22.2.3 Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...

Directory Traversal

sanic is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of URL paths in the handler function allowing an attacker to access lateral directories when using app.static if using encoded %2F URLs...

CVE-2022-35920

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

Directory traversal

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

CVE-2022-35920 Improper Limitation of a Pathname to a Restricted Directory in sanic

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

CVE-2022-35920 Improper Limitation of a Pathname to a Restricted Directory in sanic

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

CVE-2022-35920 Improper Limitation of a Pathname to a Restricted Directory in sanic

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...

CVE-2022-35920

CVE-2022-35920 affects Sanic, a Python web framework. Affected versions allow access to lateral directories when using app.static with encoded %2F URLs; parent directory traversal is not impacted. Root cause: improper handling/escaping of encoded path separators in static file handling. Practical...

Sanic 路径遍历漏洞

Sanic is a Python 3.7+ web server and web framework open sourced by the Sanic Community Organization. A path traversal vulnerability exists in versions of Sanic prior to 22.9, which stems from a failure to properly escape the %2F string. Affected versions of Sanic allow access to horizontal...

PT-2022-23026 · Sanic · Sanic

Name of the Vulnerable Software and Affected Versions: Sanic versions prior to 20.12.7 Sanic versions prior to 21.12.2 Sanic versions prior to 22.6.1 Description: The issue allows access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not...

rsanic (>=0.1.1 <=0.4.0), sanic-cors (>=0.4.1 <=0.4.1.4) +1 more potentially affected by CVE-2017-16762 via sanic (>=0.3.1 <=0.5.0)

sanic PYPI version =0.3.1, =0.1.1, =0.4.1, =0.5.0, =0.5.0.1 Source cves: CVE-2017-16762 Source advisory: OSV:GHSA-MPMF-HR8P-P49G...

GHSA-MPMF-HR8P-P49G Sanic arbitrary file read and directory traversal

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...

Sanic arbitrary file read and directory traversal

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...