CVE-2022-35920, GHSA-8cw9-5hmv-77w6
pypi/sanic
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Sanic is an open source Python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
All versions before 20.12.7, all versions starting from 21.0.0 before 21.12.2, all versions starting from 22.0.0 before 22.6.1
Upgrade to versions 20.12.7, 21.12.2, 22.6.1 or above.
2022-08-09
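Because there is no workaround, remediation comes down to finding affected pins and moving each to the fixed release on its branch. The following is an added example, not code from the advisory or from the Sanic project: it checks exact `sanic==X.Y.Z` pins in a requirements file against the ranges listed above. The sample requirements text is constructed, and the function names are hypothetical.

```python
import re

# Affected ranges from the advisory as half-open (first affected, first fixed).
AFFECTED = [
    ((0, 0, 0), (20, 12, 7)),
    ((21, 0, 0), (21, 12, 2)),
    ((22, 0, 0), (22, 6, 1)),
]

# Matches exact pins of the "sanic" package only (not sanic-routing, sanic-ext).
PIN = re.compile(r"^\s*sanic\s*==\s*(\d+(?:\.\d+)*)\s*(?:#.*)?$", re.IGNORECASE)


def parse_version(text):
    """Turn '21.12' into (21, 12, 0); only plain numeric releases are handled."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def fixed_release(version):
    """Return the fixed release for an affected version, or None if unaffected."""
    for first, fixed in AFFECTED:
        if first <= version < fixed:
            return ".".join(map(str, fixed))
    return None


def audit(requirements_text):
    """Return (line_no, pinned_version, fixed_release) for affected sanic pins."""
    findings = []
    for line_no, line in enumerate(requirements_text.splitlines(), start=1):
        match = PIN.match(line)
        if not match:
            continue
        fix = fixed_release(parse_version(match.group(1)))
        if fix:
            findings.append((line_no, match.group(1), fix))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
sanic==21.12.1
sanic-routing==22.3.0
"""

if __name__ == "__main__":
    for line_no, pinned, fix in audit(SAMPLE):
        print(f"line {line_no}: sanic {pinned} is affected, upgrade to {fix} or above")
```

Pre-release tags, version ranges and extras such as `sanic[ext]` are not matched by this pattern and need a separate check.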