144 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: ipc4-topology: Strengthen the loops for querying ALH copiers. Other non-DAI copier widgets may have the same stream name sname as the ALH copier. In that case, copier-data will be NULL, and no alhdata will be...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34730
Summary: CVE-2026-34730 is tied to Copier’s _external_data feature, which can read YAML data from paths outside the subproject destination or from absolute paths without using --UNSAFE. The GitHub advisory and OSV entry describe path traversal and absolute-path reads via _external_data, exposing ...
CVE-2026-34726
Summary: The CVE placeholder CVE-2026-34726 is related to a real vulnerability in Copier (GHSA-85V3-4M8G-HRH6) where the _subdirectory setting accepts parent-directory traversal (e.g., ..) and can escape the template root. This allows a template to render files from the parent directory instead o...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
Copier 路径遍历漏洞
Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the externaldata function, which allowed templates to load YAML files using path-based operations...
Copier 路径遍历漏洞
Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the ability for the subdirectory setting to allow traversal of the parent directory, potentially...
GHSA-HGJQ-P8CR-GG4H Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Summary Copier's externaldata feature allows a template to load YAML files using template-controlled paths. The documentation describes these values as relative paths from the subproject destination, so relative paths themselves appear to be part of the intended feature model. However, the curren...
Directory Traversal
Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the externaldata paths. If a user runs Copier on an untrusted template, an attacker can access and expose the contents of arbitrary local files by supplying...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.7) +9 more potentially affected by CVE-2026-34730 via copier (>=9.0.1 <=9.11.3)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0 Source cves: CVE-2026-34730 Source advisory: SNYK:PYTHON-COPIER-15874120...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +38 more potentially affected by CVE-2026-34730 via copier (>=2.3.3 <=9.11.3)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-34730 Source advisory: OSV:GHSA-HGJQ-P8CR-GG4H...
GHSA-85V3-4M8G-HRH6 Copier `_subdirectory` allows template root escape via parent-directory traversal
Summary Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when selecting the template root. As a result, a template can escape its own directory and ma...
algokit (>=0.2.0 <=2.10.0), algorun (>=0.0.1b1 <=0.0.1b4) +38 more potentially affected by CVE-2026-34726 via copier (>=2.3.3 <=9.11.3)
copier PYPI version =2.3.3, =0.2.0, =0.0.1b1, =0.0.1, =0.11.0, =0.31.0, =1.4.14, =0.2.3, =2.0.0, =0.18.0, =0.9.0, =0.10.0, =0.1.1, =0.14.1, =0.1.0, =0.1.10, =0.1.11 and more Source cves: CVE-2026-34726 Source advisory: OSV:GHSA-85V3-4M8G-HRH6...