CVE-2026-34726

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

Copier 路径遍历漏洞

Copier is an open-source library developed by Copier for rendering project templates. Versions of Copier prior to 9.14.1 contained a path traversal vulnerability. This vulnerability stemmed from the ability for the subdirectory setting to allow traversal of the parent directory, potentially...

Directory Traversal

Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the subdirectory setting, which allows parent-directory traversal. If a user runs Copier on an untrusted template, an attacker can access files outside the...