PT-2022-23026 · Sanic · Sanic
High · ahopkins · Published 2022-08-01 · Updated 2022-08-10 · CVE-2022-35920
CVSS v3.1: 8.3 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Sanic versions prior to 20.12.7
Sanic versions prior to 21.12.2
Sanic versions prior to 22.6.1
Description
The issue allows access to lateral directories when app.static is used and the request URL contains an encoded %2F. Parent directory traversal is not impacted.
Recommendations
For versions prior to 20.12.7, upgrade to version 20.12.7 or later.
For versions prior to 21.12.2, upgrade to version 21.12.2 or later.
For versions prior to 22.6.1, upgrade to version 22.6.1 or later.
Exploit
Fix
Path traversal
Affected Products
Sanic