Access to lateral directories when using app.static
if using encoded %2F
URLs. Parent directory traversal is not impacted.
https://github.com/sanic-org/sanic/issues/2478 https://github.com/sanic-org/sanic/pull/2495
If you have any questions or comments about this advisory: * Open an issue in the community forums * Ping us on the Discord server
{ "nvd_published_at": "2022-08-01T22:15:00Z", "github_reviewed_at": "2022-08-06T05:21:19Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-22" ] }