Lucene search
K

150 matches found

EUVD
EUVD
added 2025/11/24 9:51 p.m.5 views

EUVD-2025-199059

Malicious code in parcel-plugin-asset-copier npm...

6.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 9:51 p.m.6 views

Malicious code in parcel-plugin-asset-copier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 344955077c61592ec46c29550b12878886b0b61f3a7c84e050d6d25756f60bf2 The package parcel-plugin-asset-copier was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 9:51 p.m.3 views

MAL-2025-190984 Malicious code in parcel-plugin-asset-copier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 344955077c61592ec46c29550b12878886b0b61f3a7c84e050d6d25756f60bf2 The package parcel-plugin-asset-copier was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
Snyk
Snyk
added 2025/11/24 4:24 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8432

Malicious code in bioql PyPI...

7.2AI score0.00177EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-37525

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25132

Malicious code in bioql PyPI...

8.5CVSS6.3AI score0.0024EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25131

Malicious code in bioql PyPI...

6.9CVSS6.3AI score0.00244EPSS
Exploits0References3
OSV
OSV
added 2025/09/09 5:40 a.m.7 views

BIT-JUPYTERLAB-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

9.9CVSS7.1AI score0.01024EPSS
Exploits3References3
Microsoft CVE
Microsoft CVE
added 2025/09/03 10:8 p.m.5 views

ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

...

5.5CVSS7AI score0.00177EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.7 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS6.5AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/20 4:27 p.m.16 views

CVE-2025-55201

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

8.5CVSS6.3AI score0.0024EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/08/18 9:1 p.m.3 views

5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.7.0) +163 more potentially affected by CVE-2025-55214 via copier (>=7.1.0 <=9.9.0)

copier PYPI version =7.1.0, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.3, =0.2.3, =0.2.3, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55214 Source advisory: OSV:GHSA-P7Q8-GRRJ-3M8W...

6.9CVSS5.7AI score0.00244EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/18 9:1 p.m.9 views

Copier's safe template has filesystem write access outside destination path

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...

6.9CVSS7.2AI score0.00244EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/08/18 9:1 p.m.2 views

GHSA-P7Q8-GRRJ-3M8W Copier's safe template has filesystem write access outside destination path

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...

6.9CVSS5.9AI score0.00244EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/18 9:0 p.m.6 views

Copier's safe template has arbitrary filesystem read/write access

Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...

8.5CVSS7.2AI score0.0024EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/08/18 9:0 p.m.8 views

5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.7.0) +167 more potentially affected by CVE-2025-55201 via copier (>=2.3.3 <=9.9.0)

copier PYPI version =2.3.3, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.3, =0.2.3, =0.2.3, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55201 Source advisory: OSV:GHSA-3XW7-V6CJ-5Q8H...

8.5CVSS5.7AI score0.0024EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/18 5:41 p.m.6 views

5bb-task (=3.49.1rc1), aegis-stack (>=0.2.0 <=0.7.0) +163 more potentially affected by CVE-2025-55214 via copier (>=7.1.0 <=9.9.0)

copier PYPI version =7.1.0, =0.2.0, =0.1.0, =0.2.1, =0.2.1, =0.2.3, =0.2.3, =0.2.3, =0.2.1, =0.2.1, =0.1.0, =1.0.0, =0.2.0, =0.0.1b1, =0.0.1b4 and more Source cves: CVE-2025-55214 Source advisory: SNYK:PYTHON-COPIER-12009006...

6.9CVSS5.7AI score0.00244EPSS
Exploits0
Snyk
Snyk
added 2025/08/18 5:41 p.m.4 views

Directory Traversal

Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the rendering process when generating a directory structure whose rendered path is either a relative parent path or an absolute path. An attacker can...

7.1CVSS7.7AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2025/08/18 5:15 p.m.13 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9CVSS0.00244EPSS
Exploits0References2
Rows per page
Query Builder