Sanic Project: Security Vulnerabilities
Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral directories when `app.static` is used and the request URL contains an encoded `%2F`. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
CVSS Score: 8.3
EPSS Score: 0.003
Published: 2022-08-01
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2017-11-10

