CVE-2022-35920 - Vulnerability Details - OpenCVE

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Sanic Project	Sanic

Configuration 1 [-]

OR	cpe:2.3:a:sanic_project:sanic::::::::
	cpe:2.3:a:sanic_project:sanic::::::::
	cpe:2.3:a:sanic_project:sanic::::::::

No data.

References

Link	Providers
https://github.com/sanic-org/sanic/issues/2478
https://github.com/sanic-org/sanic/pull/2495
https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6

History

Tue, 22 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-01T21:35:27.000Z

Updated: 2025-04-22T17:45:43.669Z

Reserved: 2022-07-15T00:00:00.000Z

Link: CVE-2022-35920

Vulnrichment

Updated: 2024-08-03T09:51:58.602Z

NVD

Status : Modified

Published: 2022-08-01T22:15:10.347

Modified: 2024-11-21T07:11:57.880

Link: CVE-2022-35920

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "sanic", "vendor": "sanic-org", "versions": [{"status": "affected", "version": ">= 22.0.0, < 22.6.1"}, {"status": "affected", "version": ">= 21.0.0, < 21.12.2"}, {"status": "affected", "version": "< 20.12.7"}]}], "descriptions": [{"lang": "en", "value": "Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T21:35:27.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sanic-org/sanic/issues/2478"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sanic-org/sanic/pull/2495"}], "source": {"advisory": "GHSA-8cw9-5hmv-77w6", "discovery": "UNKNOWN"}, "title": "Improper Limitation of a Pathname to a Restricted Directory in sanic", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35920", "STATE": "PUBLIC", "TITLE": "Improper Limitation of a Pathname to a Restricted Directory in sanic"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "sanic", "version": {"version_data": [{"version_value": ">= 22.0.0, < 22.6.1"}, {"version_value": ">= 21.0.0, < 21.12.2"}, {"version_value": "< 20.12.7"}]}}]}, "vendor_name": "sanic-org"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6", "refsource": "CONFIRM", "url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6"}, {"name": "https://github.com/sanic-org/sanic/issues/2478", "refsource": "MISC", "url": "https://github.com/sanic-org/sanic/issues/2478"}, {"name": "https://github.com/sanic-org/sanic/pull/2495", "refsource": "MISC", "url": "https://github.com/sanic-org/sanic/pull/2495"}]}, "source": {"advisory": "GHSA-8cw9-5hmv-77w6", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:58.602Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sanic-org/sanic/issues/2478"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sanic-org/sanic/pull/2495"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:40:06.042217Z", "id": "CVE-2022-35920", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T17:45:43.669Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35920", "datePublished": "2022-08-01T21:35:27.000Z", "dateReserved": "2022-07-15T00:00:00.000Z", "dateUpdated": "2025-04-22T17:45:43.669Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/sanic-org/sanic/issues/2478", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/sanic-org/sanic/pull/2495", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:58.602Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-35920", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:40:06.042217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:40:08.349Z"}}], "cna": {"title": "Improper Limitation of a Pathname to a Restricted Directory in sanic", "source": {"advisory": "GHSA-8cw9-5hmv-77w6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "sanic-org", "product": "sanic", "versions": [{"status": "affected", "version": ">= 22.0.0, < 22.6.1"}, {"status": "affected", "version": ">= 21.0.0, < 21.12.2"}, {"status": "affected", "version": "< 20.12.7"}]}], "references": [{"url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/sanic-org/sanic/issues/2478", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/sanic-org/sanic/pull/2495", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-08-01T21:35:27.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, "source": {"advisory": "GHSA-8cw9-5hmv-77w6", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": ">= 22.0.0, < 22.6.1"}, {"version_value": ">= 21.0.0, < 21.12.2"}, {"version_value": "< 20.12.7"}]}, "product_name": "sanic"}]}, "vendor_name": "sanic-org"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6", "name": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6", "refsource": "CONFIRM"}, {"url": "https://github.com/sanic-org/sanic/issues/2478", "name": "https://github.com/sanic-org/sanic/issues/2478", "refsource": "MISC"}, {"url": "https://github.com/sanic-org/sanic/pull/2495", "name": "https://github.com/sanic-org/sanic/pull/2495", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-35920", "STATE": "PUBLIC", "TITLE": "Improper Limitation of a Pathname to a Restricted Directory in sanic", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-35920", "state": "PUBLISHED", "dateUpdated": "2025-04-22T17:45:43.669Z", "dateReserved": "2022-07-15T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-08-01T21:35:27.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sanic_project:sanic:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC6FE6CB-23D5-45E1-A733-9F5B5C5FB93A", "versionEndExcluding": "20.12.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sanic_project:sanic:*:*:*:*:*:*:*:*", "matchCriteriaId": "3771039A-1DBB-45BB-8C01-14A5D00AAABB", "versionEndExcluding": "21.12.2", "versionStartIncluding": "21.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sanic_project:sanic:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE7A183-7780-46EB-B96E-8881D7E47984", "versionEndExcluding": "22.6.1", "versionStartIncluding": "22.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue."}, {"lang": "es", "value": "Sanic es un servidor/marco web de c\u00f3digo abierto en python. Las versiones afectadas de sanic permiten el acceso a directorios laterales cuando es usado \"app.static\" si son usadas URLs codificadas \"%2F\". El acceso a los directorios principales no est\u00e1 afectado. Es recomendado a usuarios actualizar. No se presentan mitigaciones conocidas para este problema"}], "id": "CVE-2022-35920", "lastModified": "2024-11-21T07:11:57.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T22:15:10.347", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/sanic-org/sanic/issues/2478"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sanic-org/sanic/pull/2495"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/sanic-org/sanic/issues/2478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sanic-org/sanic/pull/2495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}