Lucene search
K

145 matches found

OSV
OSV
added 2025/08/18 4:36 p.m.7 views

CVE-2025-55214 Copier safe template has filesystem write access outside destination path

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS6.7AI score0.00244EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/18 4:21 p.m.3 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

8.5CVSS7.2AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2025/08/18 4:21 p.m.21 views

CVE-2025-55201

CVE-2025-55201 concerns the Copier library/CLI used for rendering project templates. Prior to version 9.9.1, the template rendering context exposes certain pathlib.Path objects in Jinja with unconstrained I/O methods, enabling a safe template to read and write arbitrary files on the filesystem an...

8.5CVSS6.6AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/18 4:21 p.m.13 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

8.5CVSS0.0024EPSS
Exploits0References2
OSV
OSV
added 2025/08/18 4:21 p.m.6 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

8.5CVSS6.6AI score0.0024EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.3 views

PT-2025-33669 · Copier · Copier

Name of the Vulnerable Software and Affected Versions: Copier versions 7.1.0 through 9.9.0 Description: Copier, a library and CLI application for rendering project templates, allows for the potential to write files outside the intended destination path when rendering a generated directory structu...

6.9CVSS7.4AI score0.00244EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.13 views

Copier 路径遍历漏洞

Copier is a Copier open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 9.9.1, which stems from the fact that the templates can read and write arbitrary files, potentially leading to file system access bypass...

8.5CVSS6.9AI score0.0024EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.14 views

Copier 路径遍历漏洞

Copier is a Copier open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 7.1.0 through 9.9.1, which stems from the fact that templates can be written to files outside of the target path, potentially leading to arbitrary file...

6.9CVSS6.9AI score0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.6 views

PT-2025-33667 · Copier · Copier

Name of the Vulnerable Software and Affected Versions: Copier versions prior to 9.9.1 Description: Copier exposes pathlib.Path objects in the Jinja context with unconstrained I/O methods, allowing a safe template to read and write arbitrary files. This renders the security model regarding...

8.5CVSS7.3AI score0.0024EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-21870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in...

5.5CVSS6.7AI score0.00177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/29 2:33 p.m.6 views

CVE-2025-21870

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS7.1AI score0.00177EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/03/28 3:1 a.m.4 views

SUSE CVE-2025-21870

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS7.7AI score0.00177EPSS
Exploits0References15
NVD
NVD
added 2025/03/27 2:15 p.m.6 views

CVE-2025-21870

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS0.00177EPSS
Exploits0References3
OSV
OSV
added 2025/03/27 2:15 p.m.15 views

AZL-62845 CVE-2025-21870 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS6.6AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2025/03/27 2:15 p.m.11 views

DEBIAN-CVE-2025-21870

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS5.6AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2025/03/27 2:15 p.m.11 views

UBUNTU-CVE-2025-21870

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References15
Cvelist
Cvelist
added 2025/03/27 1:38 p.m.11 views

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

0.00177EPSS
Exploits0References3
CVE
CVE
added 2025/03/27 1:38 p.m.113 views

CVE-2025-21870

Technical details for CVE-2025-21870 are not publicly provided in the supplied documents. Monitor for updates.

5.5CVSS6.8AI score0.00177EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/03/27 1:38 p.m.10 views

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS6.1AI score0.00177EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/03/27 1:38 p.m.5 views

CVE-2025-21870

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name sname as the ALH copier and in that case the copier-data is NULL, no alhdata is attached, which could...

5.5CVSS5.6AI score0.00177EPSS
Exploits0
Rows per page
Query Builder