Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03cDc5LTZ4MnYtNWg4OM0scQ
Server crash if running Python 3.10 w/ Sanic 20.12
!!! ONLY APPLIES TO VERSIONS PRIOR TO Sanic v20.12 WHEN USING Python 3.10 !!!
Sanic v20.12 officially supports Python versions 3.6, 3.7, 3.8, and 3.9. However, if you accidentally run it with version 3.10 (which is not supported by Sanic 20.12), your server is prone to crashing on an incoming web request.
Impact
Anyone running Sanic server between 0.1.7 and 20.12 using Python 3.10.
Patches
Workarounds
Use a supported version of Python (v3.6 - v3.9)
References
In asyncio, the explicit passing of a loop argument has been deprecated and will be removed in version 3.10 for the following: ... asyncio.Event
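An added example (not code from Sanic or from this advisory) that checks an environment against the affected range listed on this page and probes whether the running interpreter rejects the `loop` argument to `asyncio.Event`. All function names are illustrative, and treating interpreters newer than 3.10 like 3.10 is an assumption.

```python
import asyncio
import re
import sys
from importlib import metadata

AFFECTED_MIN = (0, 1, 7)   # advisory range: >= 0.1.7
FIXED_IN = (20, 12, 6)     # advisory: fixed in 20.12.6


def parse_version(text):
    """Leading numeric part of a release string, e.g. '20.12.5' -> (20, 12, 5)."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if match is None:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def is_affected(sanic_version, python_version):
    """True for an affected Sanic release on Python 3.10 or later."""
    # Assumption: interpreters after 3.10 also reject loop=, as 3.10 does.
    in_range = AFFECTED_MIN <= parse_version(sanic_version) < FIXED_IN
    return in_range and tuple(python_version[:2]) >= (3, 10)


def loop_argument_rejected():
    """Probe this interpreter: does asyncio.Event refuse an explicit loop?"""
    loop = asyncio.new_event_loop()
    try:
        asyncio.Event(loop=loop)
    except TypeError:
        return True
    finally:
        loop.close()
    return False


def audit_current_environment():
    """Report on the Sanic installed alongside this interpreter, if any."""
    try:
        installed = metadata.version("sanic")
    except metadata.PackageNotFoundError:
        return "sanic is not installed"
    if is_affected(installed, sys.version_info):
        return f"sanic {installed}: affected, move to 20.12.6 or Python 3.6-3.9"
    return f"sanic {installed}: not affected on this interpreter"


if __name__ == "__main__":
    print(audit_current_environment())
```

Running it inside the virtual environment that hosts the service checks the interpreter and package pair that actually serves requests.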
For more information
If you have any questions or comments about this advisory:
- Open an issue in the community forums
- Ping us on the Discord server
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03cDc5LTZ4MnYtNWg4OM0scQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-7p79-6x2v-5h88
References:
- https://github.com/sanic-org/sanic/security/advisories/GHSA-7p79-6x2v-5h88
- https://github.com/sanic-org/sanic/releases/tag/v20.12.6
- https://github.com/advisories/GHSA-7p79-6x2v-5h88
Blast Radius: 0.0
Affected Packages
pypi:sanic
Dependent packages: 123
Dependent repositories: 3,204
Downloads: 786,346 last month
Affected Version Ranges: >= 0.1.7, < 20.12.6
Fixed in: 20.12.6
All affected versions: 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.5.2, 0.5.4, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 18.12.0, 19.3.1, 19.6.0, 19.6.2, 19.6.3, 19.9.0, 19.12.0, 19.12.2, 19.12.3, 19.12.4, 19.12.5, 20.3.0, 20.6.0, 20.6.1, 20.6.2, 20.6.3, 20.9.0, 20.9.1, 20.12.0, 20.12.1, 20.12.2, 20.12.3, 20.12.4, 20.12.5
All unaffected versions: 0.1.0, 0.1.1, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 20.12.6, 20.12.7, 21.3.0, 21.3.1, 21.3.2, 21.3.4, 21.6.0, 21.6.1, 21.6.2, 21.9.0, 21.9.1, 21.9.2, 21.9.3, 21.12.0, 21.12.1, 21.12.2, 22.3.0, 22.3.1, 22.3.2, 22.6.0, 22.6.1, 22.6.2, 22.9.0, 22.9.1, 22.12.0, 23.3.0, 23.6.0, 23.12.0, 23.12.1