Discover the impact of CVE-2022-35920 on Sanic, affecting lateral directory access. Learn about the vulnerability, affected versions, and mitigation steps.
A detailed overview of CVE-2022-35920 affecting the Sanic web server/framework.
Understanding CVE-2022-35920
CVE-2022-35920 highlights an issue of improper limitation of a pathname to a restricted directory in the Sanic framework.
What is CVE-2022-35920?
Sanic, an open-source Python web server/framework, is impacted by CVE-2022-35920. It allows access to lateral directories when using app.static with encoded %2F URLs, although parent directory traversal remains unaffected.
The Impact of CVE-2022-35920
The vulnerability is rated high severity, with a CVSS base score of 8.3. The rating reflects limited confidentiality and integrity impact together with low availability impact.
Technical Details of CVE-2022-35920
Exploring the specifics of the vulnerability in Sanic.
Vulnerability Description
CVE-2022-35920 exposes a flaw where lateral directories can be accessed when app.static is used with specific encoded URLs, potentially compromising data integrity.
Affected Systems and Versions
Sanic versions >= 22.0.0 and < 22.6.1, >= 21.0.0 and < 21.12.2, and < 20.12.7 are known to be affected by this vulnerability.
Exploitation Mechanism
The vulnerability can be exploited by an attacker who requests a static path containing percent-encoded slashes (%2F); the decoded path resolves to a directory adjacent to the intended static directory rather than to a file inside it.
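The following Python resolver is an added illustration and is not Sanic's code: it contrasts a hypothetical naive static-file path resolution, which percent-decodes and then joins the request onto the static root, with a hardened version that resolves the final filesystem path and verifies it is still contained in the root. The static root and request strings are constructed for the example.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed static root for the example (not a real deployment path).
STATIC_ROOT = os.path.realpath("/srv/app/static")


def naive_resolve(root: str, request_path: str) -> str:
    """Hypothetical unsafe resolution (illustrative, not Sanic's code).

    The request is percent-decoded and joined onto the root. Because
    os.path.join discards `root` when the decoded segment begins with '/',
    a leading %2F can leave the static directory with no '..' present.
    """
    decoded = unquote(request_path)
    return os.path.normpath(os.path.join(root, decoded))


def safe_resolve(root: str, request_path: str) -> Optional[str]:
    """Hardened resolution: decode, force the request to be relative,
    resolve symlinks and '..', then verify containment in `root`.

    commonpath is used instead of startswith so that a sibling such as
    /srv/app/static2 is not mistaken for a child of /srv/app/static.
    Returns None when the request would escape the root.
    """
    decoded = unquote(request_path).lstrip("/")
    candidate = os.path.realpath(os.path.join(root, decoded))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # different drives on Windows: treat as an escape
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    # Constructed request paths: a normal file, an encoded absolute path,
    # an encoded parent traversal and an encoded sibling directory.
    for req in ("css%2Fsite.css", "%2Fetc%2Fpasswd",
                "..%2F..%2Fsecret.txt", "..%2Fstatic2%2Fx"):
        print(f"{req:24} naive={naive_resolve(STATIC_ROOT, req)}"
              f"  safe={safe_resolve(STATIC_ROOT, req)}")
```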
Mitigation and Prevention
Guidance on addressing and safeguarding against CVE-2022-35920.
Immediate Steps to Take
Users are strongly advised to upgrade to a non-vulnerable release of Sanic, that is, the first fixed version in their series (22.6.1, 21.12.2 or 20.12.7) or later, to mitigate the risk associated with CVE-2022-35920.
Long-Term Security Practices
Implement a proactive security approach by regularly updating software and monitoring for potential vulnerabilities.
Patching and Updates
Stay informed about security patches and updates released by Sanic to address identified vulnerabilities.