145 matches found
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34730
Summary: CVE-2026-34730 affects Copier prior to version 9.14.1, where the optional _external_data feature allows template-controlled paths to load YAML files. This can enable destination-external reads, including parent-directory traversal (e.g., ../secret.yml) and absolute paths, exposing the co...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726
CVE-2026-34726 affects Copier (library/CLI) prior to version 9.14.1. The issue stems from the _subdirectory setting, which is documented as the template root but can accept directory traversal like .., and is used directly to compute the template root. This allows a template to escape its own dir...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
Copier 路径遍历漏洞
Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the ability for the subdirectory setting to allow traversal of the parent directory, potentially...
Copier 路径遍历漏洞
Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the externaldata function, which allowed templates to load YAML files using path-based operations...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +38 more potentially affected by CVE-2026-34730 via copier (>=2.3.3 <=9.11.3)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-34730 Source advisory: OSV:GHSA-HGJQ-P8CR-GG4H...
Directory Traversal
Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the externaldata paths. If a user runs Copier on an untrusted template, an attacker can access and expose the contents of arbitrary local files by supplying...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +9 more potentially affected by CVE-2026-34730 via copier (>=9.0.1 <=9.11.3)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0 Source cves: CVE-2026-34730 Source advisory: SNYK:PYTHON-COPIER-15874120...
GHSA-HGJQ-P8CR-GG4H Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Summary Copier's externaldata feature allows a template to load YAML files using template-controlled paths. The documentation describes these values as relative paths from the subproject destination, so relative paths themselves appear to be part of the intended feature model. However, the curren...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +38 more potentially affected by CVE-2026-34726 via copier (>=2.3.3 <=9.11.3)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-34726 Source advisory: OSV:GHSA-85V3-4M8G-HRH6...
GHSA-85V3-4M8G-HRH6 Copier `_subdirectory` allows template root escape via parent-directory traversal
Summary Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when selecting the template root. As a result, a template can escape its own directory and ma...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +9 more potentially affected by CVE-2026-34726 via copier (>=9.0.1 <=9.11.3)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0 Source cves: CVE-2026-34726 Source advisory: SNYK:PYTHON-COPIER-15874119...