CVE-2022-35920: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral directories when app.static is used and the request URL contains an encoded %2F. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
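The split the advisory describes (lateral directories reachable, parent directories not) is what a string-prefix containment check produces once %2F is decoded. The following is an added example, not Sanic's code: the prefix check, the directory names and the function names are assumptions made for illustration, and it compares that check with a component-wise one.

```python
from pathlib import PurePosixPath
from posixpath import normpath
from urllib.parse import unquote

# Constructed layout: a served root; "static_private" is a hypothetical sibling
# directory whose name merely starts with the same characters.
STATIC_ROOT = "/srv/app/static"

# Constructed request paths (the part after the static route prefix).
SAMPLE_URIS = [
    "css/site.css",                   # ordinary asset
    "..%2Fconfig.py",                 # parent directory
    "..%2Fstatic_private/notes.txt",  # lateral (sibling) directory
]

def _resolve(root: str, uri_path: str) -> str:
    """Percent-decode the URI part (%2F becomes '/'), join under root, normalise.
    Purely lexical: symlinks are not followed here."""
    relative = unquote(uri_path).lstrip("/")
    return normpath(f"{root}/{relative}")

def prefix_check(root: str, uri_path: str) -> bool:
    """Weak containment test (assumed pattern): plain string prefix."""
    return _resolve(root, uri_path).startswith(normpath(root))

def component_check(root: str, uri_path: str) -> bool:
    """Hardened test: root must be the target or one of its ancestors,
    compared by whole path components rather than characters."""
    target = PurePosixPath(_resolve(root, uri_path))
    base = PurePosixPath(normpath(root))
    return target == base or base in target.parents

def disagreements(root: str, uris: list[str]) -> list[str]:
    """Request paths the prefix test admits but the component test rejects."""
    return [u for u in uris
            if prefix_check(root, u) and not component_check(root, u)]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{uri!r}: prefix={prefix_check(STATIC_ROOT, uri)} "
              f"component={component_check(STATIC_ROOT, uri)}")
    print("flagged:", disagreements(STATIC_ROOT, SAMPLE_URIS))
```

Running disagreements() over the request paths in an access log is a quick way to spot requests that only a prefix-style check would have served.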