10 matches found
CVE-2026-32108
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...
CVE-2026-32108
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...
CVE-2026-32108
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...
CVE-2026-28492
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...
CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...
CVE-2025-58753
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature the shr global-option. When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...
CVE-2025-58753 copyparty: Sharing a single file does not fully restrict access to other files in source folder
Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature the shr global-option. When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. I...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the shr global-option. An attacker can access unauthorized sibling files within a shared folder by guessing their filenames. Remediation Upgrade copyparty to version 1.19.8 or higher. References - GitHub Commit...
copyparty: Sharing a single file does not fully restrict access to other files in source folder
There was a missing permission-check in the shares feature the shr global-option. When a share is created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner;...
PT-2025-36951
Name of the Vulnerable Software and Affected Versions: Copyparty versions prior to 1.19.8 Description: Copyparty is a portable file server. A missing permission-check in the shares feature shr global-option allowed access to sibling files within a shared folder by guessing filenames when a share...