Skip to content

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in sanic

High
ahopkins published GHSA-8cw9-5hmv-77w6 Jul 31, 2022

Package

pip sanic (pip)

Affected versions

<22.9

Patched versions

22.6.1,21.12.2,20.12.7

Description

Impact

Access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted.

Patches

  • v20.12.7 (LTS)
  • v21.12.2 (LTS)
  • v22.6.1

References

#2478
#2495

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2022-35920

Weaknesses