Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Limitation of a Pathname to a Restricted Directory in sanic
Vulnerability Description
Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Sanic 路径遍历漏洞
Vulnerability Description
Sanic是Sanic Community Organization开源的一个 Python 3.7+ 的 Web 服务器和 Web 框架。 Sanic 22.9之前版本存在路径遍历漏洞,该漏洞源于未能正确转义 %2F 字符串,受影响的sanic版本在使用app.static时允许访问横向目录,父目录遍历不受影响,建议用户升级,此问题没有已知的解决方法。
CVSS Information
N/A
Vulnerability Type
N/A