Sanic · Sanic · CVE-2022-35920
**Name of the Vulnerable Software and Affected Versions**
Sanic versions prior to 20.12.7
Sanic versions prior to 21.12.2
Sanic versions prior to 22.6.1
**Description**
The issue allows access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted.
**Recommendations**
For versions prior to 20.12.7, upgrade to version 20.12.7 or later.
For versions prior to 21.12.2, upgrade to version 21.12.2 or later.
For versions prior to 22.6.1, upgrade to version 22.6.1 or later.