Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/sanic@0.1.3
Typepypi
Namespace
Namesanic
Version0.1.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version20.12.7
Latest_non_vulnerable_version22.6.1
Affected_by_vulnerabilities
0
url VCID-bq1p-nk7w-bbfv
vulnerability_id VCID-bq1p-nk7w-bbfv
summary Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35920
reference_id
reference_type
scores
0
value 0.0075
scoring_system epss
scoring_elements 0.7359
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35920
1
reference_url https://github.com/sanic-org/sanic
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sanic-org/sanic
2
reference_url https://github.com/sanic-org/sanic/issues/2478
reference_id 2478
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:06Z/
url https://github.com/sanic-org/sanic/issues/2478
3
reference_url https://github.com/sanic-org/sanic/pull/2495
reference_id 2495
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:06Z/
url https://github.com/sanic-org/sanic/pull/2495
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35920
reference_id CVE-2022-35920
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35920
5
reference_url https://github.com/advisories/GHSA-8cw9-5hmv-77w6
reference_id GHSA-8cw9-5hmv-77w6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8cw9-5hmv-77w6
6
reference_url https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6
reference_id GHSA-8cw9-5hmv-77w6
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:40:06Z/
url https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6
fixed_packages
0
url pkg:pypi/sanic@20.12.7
purl pkg:pypi/sanic@20.12.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sanic@20.12.7
1
url pkg:pypi/sanic@21.12.2
purl pkg:pypi/sanic@21.12.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sanic@21.12.2
2
url pkg:pypi/sanic@22.6.1
purl pkg:pypi/sanic@22.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sanic@22.6.1
aliases CVE-2022-35920, GHSA-8cw9-5hmv-77w6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1p-nk7w-bbfv
1
url VCID-ygs5-2uhq-2beq
vulnerability_id VCID-ygs5-2uhq-2beq
summary Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16762
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52702
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16762
1
reference_url https://github.com/advisories/GHSA-mpmf-hr8p-p49g
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-mpmf-hr8p-p49g
2
reference_url https://github.com/channelcat/sanic/issues/633
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/channelcat/sanic/issues/633
3
reference_url https://github.com/channelcat/sanic/releases/tag/0.5.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/channelcat/sanic/releases/tag/0.5.1
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/sanic/PYSEC-2017-40.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/sanic/PYSEC-2017-40.yaml
5
reference_url https://github.com/sanic-org/sanic
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sanic-org/sanic
6
reference_url https://github.com/sanic-org/sanic/pull/635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sanic-org/sanic/pull/635
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16762
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16762
fixed_packages
0
url pkg:pypi/sanic@0.5.1
purl pkg:pypi/sanic@0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-732a-8afs-33hp
1
vulnerability VCID-bq1p-nk7w-bbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sanic@0.5.1
aliases CVE-2017-16762, GHSA-mpmf-hr8p-p49g, PYSEC-2017-40
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygs5-2uhq-2beq
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/sanic@0.1.3