150 matches found
CVE-2026-53951
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...
CVE-2026-53951
CVE-2026-53951 affects Copier versions 9.5.0–9.15.1. The vulnerability stems from a trust-prefix bypass: the code compares a template URL against a trusted prefix with a raw startswith and no path normalization, while the URL is normalized later when fetching (local paths via Path.resolve; https ...
CVE-2026-53951 Copier: trust-prefix bypass via path traversal runs tasks unprompted
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: ipc4-topology: Strengthen the loops for querying ALH copiers Other non-DAI copier widgets may have the same stream name sname as the ALH copier. In that case, copier-data will be NULL, and no alhdata will be attache...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34730
Summary: CVE-2026-34730 affects Copier prior to version 9.14.1, where the optional _external_data feature allows template-controlled paths to load YAML files. This can enable destination-external reads, including parent-directory traversal (e.g., ../secret.yml) and absolute paths, exposing the co...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...
CVE-2026-34726
CVE-2026-34726 affects Copier (library/CLI) prior to version 9.14.1. The issue stems from the _subdirectory setting, which is documented as the template root but can accept directory traversal like .., and is used directly to compute the template root. This allows a template to escape its own dir...
Copier 路径遍历漏洞
Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the ability for the subdirectory setting to allow traversal of the parent directory, potentially...
Copier 路径遍历漏洞
Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the externaldata function, which allowed templates to load YAML files using path-based operations...
algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +9 more potentially affected by CVE-2026-34730 via copier (>=9.0.1 <=9.11.3)
copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0 Source cves: CVE-2026-34730 Source advisory: SNYK:PYTHON-COPIER-15874120...