EPSS Percentile: 45.5%
sanic is vulnerable to directory traversal. URL paths are not sanitized in the _handler function, so an attacker can access lateral directories through routes served with app.static by requesting URLs that contain an encoded %2F.
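Added example, not sanic's code and not taken from the advisory: a generic static-file path resolver showing why a ".." check on the raw URL path misses an encoded %2F, next to a version that decodes first and then checks containment. The function names, the request path and the temporary files are assumptions constructed for the illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_unchecked(root: Path, url_path: str) -> Path:
    """Weak pattern: look for '..' in the raw segments, decode afterwards."""
    if ".." in url_path.split("/"):
        raise PermissionError("traversal segment")
    # '..%2Fname' is one raw segment, so it passed the check above;
    # decoding now turns it into '../name'.
    return (root / unquote(url_path).lstrip("/")).resolve()


def resolve_contained(root: Path, url_path: str) -> Path:
    """Decode first, resolve, then require the result to stay under root."""
    root = root.resolve()
    target = (root / unquote(url_path).lstrip("/")).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise PermissionError("path escapes static root") from None
    return target


def demo() -> dict:
    """Run both resolvers against constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "static"
        root.mkdir()
        (root / "app.css").write_text("body{}")
        (base / "settings.txt").write_text("outside the static root")
        request = "..%2Fsettings.txt"  # constructed request path

        leaked = resolve_unchecked(root, request)
        try:
            resolve_contained(root, request)
            blocked = False
        except PermissionError:
            blocked = True
        return {
            "unchecked_leaves_root": leaked == base / "settings.txt",
            "contained_blocks": blocked,
            "contained_serves_css": resolve_contained(root, "app.css") == root / "app.css",
        }


if __name__ == "__main__":
    print(demo())
```

The containment check runs on the fully decoded and resolved path, so it holds regardless of how the separator was encoded in the request.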
github.com/sanic-org/sanic/issues/2477
github.com/sanic-org/sanic/issues/2478
github.com/sanic-org/sanic/pull/2495
github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6