Vulnerability Details CVE-2022-35920
Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.9%
CVSS Severity
CVSS v3 Score 8.3
References
- https://github.com/sanic-org/sanic/issues/2478
- https://github.com/sanic-org/sanic/pull/2495
- https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6
- https://github.com/sanic-org/sanic/issues/2478
- https://github.com/sanic-org/sanic/pull/2495
- https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6
Products affected by CVE-2022-35920
-
cpe:2.3:a:sanic_project:sanic:*
-
cpe:2.3:a:sanic_project:sanic:0.1.2
-
cpe:2.3:a:sanic_project:sanic:0.1.3
-
cpe:2.3:a:sanic_project:sanic:0.1.4
-
cpe:2.3:a:sanic_project:sanic:0.1.5
-
cpe:2.3:a:sanic_project:sanic:0.1.6
-
cpe:2.3:a:sanic_project:sanic:0.1.7
-
cpe:2.3:a:sanic_project:sanic:0.1.8
-
cpe:2.3:a:sanic_project:sanic:0.1.9
-
cpe:2.3:a:sanic_project:sanic:0.2.0
-
cpe:2.3:a:sanic_project:sanic:0.3.0
-
cpe:2.3:a:sanic_project:sanic:0.3.1
-
cpe:2.3:a:sanic_project:sanic:0.4.0
-
cpe:2.3:a:sanic_project:sanic:0.4.1
-
cpe:2.3:a:sanic_project:sanic:0.5.0
-
cpe:2.3:a:sanic_project:sanic:0.5.1
-
cpe:2.3:a:sanic_project:sanic:0.5.2
-
cpe:2.3:a:sanic_project:sanic:0.5.3
-
cpe:2.3:a:sanic_project:sanic:0.5.4
-
cpe:2.3:a:sanic_project:sanic:0.6.0
-
cpe:2.3:a:sanic_project:sanic:0.7.0
-
cpe:2.3:a:sanic_project:sanic:0.8.0
-
cpe:2.3:a:sanic_project:sanic:0.8.1
-
cpe:2.3:a:sanic_project:sanic:0.8.2
-
cpe:2.3:a:sanic_project:sanic:0.8.3
-
cpe:2.3:a:sanic_project:sanic:18.12.0
-
cpe:2.3:a:sanic_project:sanic:19.03.1
-
cpe:2.3:a:sanic_project:sanic:19.3
-
cpe:2.3:a:sanic_project:sanic:19.6.0
-
cpe:2.3:a:sanic_project:sanic:19.6.1
-
cpe:2.3:a:sanic_project:sanic:19.6.2
-
cpe:2.3:a:sanic_project:sanic:19.6.3
-
cpe:2.3:a:sanic_project:sanic:19.9.0