Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
                
References

| Link | Resource |
|---|---|
| https://github.com/channelcat/sanic/issues/633 | Exploit, Third Party Advisory |
| https://github.com/channelcat/sanic/releases/tag/0.5.1 | Release Notes, Third Party Advisory |

Configurations
History
No history.

Information
Published : 2017-11-10 09:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-16762
Mitre link : CVE-2017-16762
CVE.ORG link : CVE-2017-16762

Products Affected
sanic_project
- sanic

CWE
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
