7 matches found
Regular Expression Denial Of Service (ReDoS)
copyparty is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to allowing arbitrary RegEx inputs in the filter parameter of the "Recent Uploads" page, which allows an attacker to craft a malicious regex that deadlocks the server...
Cross-Site Scripting
Copyparty is vulnerable to reflected Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-supplied input in the filter parameter on the recent uploads page, which is reflected into a...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the filter parameter in the Recent Uploads page. An attacker can cause the server to become unresponsive by submitting specially crafted regular expressions. Note: This is exploitable if the Recent Uploads...
CVE-2025-54796
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...
CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...
CVE-2025-54796
CVE-2025-54796 concerns Copyparty, a portable file server. The vulnerability affects versions prior to 1.18.9 where the filter parameter on the "Recent Uploads" page accepts arbitrary RegExes. When this feature is enabled (the default), an attacker can craft a regex-based filter that deadlocks th...
CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...