Lucene search
K

150 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-53951

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS0.00189EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-53951

CVE-2026-53951 affects Copier versions 9.5.0–9.15.1. The vulnerability stems from a trust-prefix bypass: the code compares a template URL against a trusted prefix with a raw startswith and no path normalization, while the URL is normalized later when fetching (local paths via Path.resolve; https ...

8.8CVSS6.1AI score0.00189EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-53951 Copier: trust-prefix bypass via path traversal runs tasks unprompted

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS0.00189EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: ipc4-topology: Strengthen the loops for querying ALH copiers Other non-DAI copier widgets may have the same stream name sname as the ALH copier. In that case, copier-data will be NULL, and no alhdata will be attache...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.9 views

CVE-2026-34730

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

5.5CVSS5.8AI score0.00287EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.6 views

CVE-2026-34726

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

4.4CVSS5.8AI score0.00383EPSS
Exploits1References1
NVD
NVD
added 2026/04/02 7:21 p.m.6 views

CVE-2026-34730

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

5.5CVSS0.00287EPSS
Exploits1References3
NVD
NVD
added 2026/04/02 7:21 p.m.4 views

CVE-2026-34726

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

4.4CVSS0.00383EPSS
Exploits1References3
CVE
CVE
added 2026/04/02 6:9 p.m.18 views

CVE-2026-34730

Summary: CVE-2026-34730 affects Copier prior to version 9.14.1, where the optional _external_data feature allows template-controlled paths to load YAML files. This can enable destination-external reads, including parent-directory traversal (e.g., ../secret.yml) and absolute paths, exposing the co...

5.5CVSS5.8AI score0.00287EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/02 6:9 p.m.2 views

CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

5.5CVSS5.9AI score0.00287EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/02 6:9 p.m.26 views

CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

5.5CVSS0.00287EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/02 6:9 p.m.3 views

CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

5.5CVSS5.8AI score0.00287EPSS
Exploits1References3
OSV
OSV
added 2026/04/02 6:7 p.m.3 views

CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

4.4CVSS5.9AI score0.00383EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/02 6:7 p.m.22 views

CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

4.4CVSS0.00383EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/02 6:7 p.m.2 views

CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

4.4CVSS5.8AI score0.00383EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:7 p.m.2 views

CVE-2026-34726

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

4.4CVSS5.8AI score0.00383EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/02 6:7 p.m.15 views

CVE-2026-34726

CVE-2026-34726 affects Copier (library/CLI) prior to version 9.14.1. The issue stems from the _subdirectory setting, which is documented as the template root but can accept directory traversal like .., and is used directly to compute the template root. This allows a template to escape its own dir...

4.4CVSS5.8AI score0.00383EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Copier 路径遍历漏洞

Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the ability for the subdirectory setting to allow traversal of the parent directory, potentially...

4.4CVSS5.8AI score0.00383EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Copier 路径遍历漏洞

Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the externaldata function, which allowed templates to load YAML files using path-based operations...

5.5CVSS5.8AI score0.00287EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/04/01 10:38 p.m.5 views

algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +9 more potentially affected by CVE-2026-34730 via copier (>=9.0.1 <=9.11.3)

copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0 Source cves: CVE-2026-34730 Source advisory: SNYK:PYTHON-COPIER-15874120...

5.5CVSS5.4AI score0.00287EPSS
Exploits1
Rows per page
Query Builder