GHSA-7p79-6x2v-5h88 – sanic
Package
Manager: pip
Name: sanic
Vulnerable Version: >=0.1.7 <20.12.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Server crash if running Python 3.10 w/ Sanic 20.12

**!!! ONLY APPLIES TO VERSIONS PRIOR TO Sanic v20.12 WHEN USING Python 3.10 !!!**

Sanic v20.12 officially supports Python versions 3.6, 3.7, 3.8, and 3.9. However, if you accidentally run it with version 3.10 (**which is not supported by Sanic 20.12**), your server is prone to crashing on an incoming web request.

### Impact

Anyone running Sanic server between 0.1.7 and 20.12 **using Python 3.10**.

### Patches

[Sanic v20.12.6](https://github.com/sanic-org/sanic/releases/tag/v20.12.6)

### Workarounds

Use a supported version of Python (v3.6 - v3.9)

### References

> In [asyncio](https://docs.python.org/3/library/asyncio.html#module-asyncio), the explicit passing of a loop argument has been deprecated and will be removed in version 3.10 for the following:
> ...
> [asyncio.Event](https://docs.python.org/3/library/asyncio-sync.html#asyncio.Event)

[Python 3.8 Release Notes](https://docs.python.org/3/whatsnew/3.8.html#deprecated)

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [the community forums](https://community.sanicframework.org/)
* Ping us on [the Discord server](https://discord.gg/FARQzAEMAA)
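The following is an added example, not part of the advisory or of Sanic's code: a scan of pinned requirement lines for the combination the advisory describes, a `sanic` pin in the vulnerable range together with an unsupported interpreter. The function names, the sample lines and the `latent` label are constructed for illustration, and treating interpreters newer than 3.10 the same as 3.10 is an assumption.

```python
import re
import sys

# Version range and fixed release come from the advisory above.
FIRST_VULNERABLE = (0, 1, 7)
FIRST_FIXED = (20, 12, 6)
# Assumption: interpreters newer than 3.10 are treated like 3.10, because the
# asyncio `loop` argument named in the advisory's reference stays removed.
FIRST_BAD_PYTHON = (3, 10)

# Matches exact pins of the `sanic` package only (not sanic-cors and the like).
PIN = re.compile(r"^\s*sanic\s*==\s*([0-9]+(?:\.[0-9]+)*)", re.IGNORECASE)


def parse_version(text):
    """Turn '20.12' into (20, 12, 0) so tuples compare component by component."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def sanic_in_range(version):
    return FIRST_VULNERABLE <= parse_version(version) < FIRST_FIXED


def check_requirements(lines, python_version=None):
    """Return (line number, pinned version, status) for every sanic pin."""
    py = tuple(python_version or sys.version_info[:2])
    findings = []
    for number, line in enumerate(lines, start=1):
        match = PIN.match(line.split("#", 1)[0])  # ignore trailing comments
        if not match:
            continue
        version = match.group(1)
        if not sanic_in_range(version):
            status = "ok"
        elif py >= FIRST_BAD_PYTHON:
            status = "affected"
        else:
            status = "latent"  # vulnerable pin, interpreter still 3.6 - 3.9
        findings.append((number, version, status))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = ["aiofiles==0.6.0", "sanic==20.12.3  # constructed pin", "sanic-cors==1.0.0"]

if __name__ == "__main__":
    for finding in check_requirements(SAMPLE, (3, 10)):
        print(finding)
```

A `latent` result marks a pin that becomes a crash risk the moment the base image or runtime moves to Python 3.10, which is the accidental upgrade the advisory warns about.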
Metadata
Created: 2022-02-16T22:57:57Z
Modified: 2022-02-25T14:54:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-7p79-6x2v-5h88/GHSA-7p79-6x2v-5h88.json
CWE IDs: []
Alternative ID: N/A
Finding: F120
Auto approve: 1