PYSEC-2017-40

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/sanic/PYSEC-2017-40.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2017-40
Aliases
Published
2017-11-10T09:29:00Z
Modified
2024-04-22T23:11:37.054267Z
Summary
[none]
Details

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.

References

Affected packages

PyPI / sanic

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.1

Affected versions

0.*
0.1.0
0.1.1
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/sanic/PYSEC-2017-40.yaml"