Description
Sanic is an open-source Python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
References
- Exploit; Issue Tracking; Third Party Advisory
- Patch; Third Party Advisory
- Third Party Advisory
- Exploit; Issue Tracking; Third Party Advisory
- Patch; Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
- Version before 20.12.7 (excluding)
- Version from 21.0.0 (including) to 21.12.2 (excluding)
- Version from 22.0.0 (including) to 22.6.1 (excluding)
One of
cpe:2.3:a:sanic_project:sanic:*:*:*:*:*:*:*:*
cpe:2.3:a:sanic_project:sanic:*:*:*:*:*:*:*:*
cpe:2.3:a:sanic_project:sanic:*:*:*:*:*:*:*:*
EPSS
Percentile: 73%
Score: 0.0075
Low
CVSS3: 8.3 High
CVSS3: 7.5 High
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 8.3
github
more than 3 years ago
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs