Releases: 89
Frequency: 1 month 1 week
Last Release
Stars: 18.6K
Accelerate your web app development | Build fast. Run fast.

CVE History

CVE | Published | CVSS v3 | CVSS v2
8.3 HIGH

Sanic is an open-source Python web server/framework. Affected versions of Sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.

5 MEDIUM

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the `/static/..%2f` substring.