4 matches found
CVE-2026-23986
CVE-2026-23986 affects Copier (library and CLI). A safe template can still write outside the destination when using a symlink and _preserve_symlinks: true, enabling a malicious template to overwrite arbitrary files within the user’s write permissions. This risk exists prior to version 9.11.2 and ...
CVE-2026-23968
CVE-2026-23968 affects Copier (library and CLI) prior to version 9.11.2. The issue lets a safe-looking template include arbitrary files/directories outside the local template via symlinks when _preserve_symlinks is false, effectively enabling read access to sensitive data. Version 9.11.2 patches ...
CVE-2026-34726
CVE-2026-34726 affects Copier (library/CLI) prior to version 9.14.1. The issue stems from the _subdirectory setting, which is documented as the template root but can accept directory traversal like .., and is used directly to compute the template root. This allows a template to escape its own dir...
CVE-2026-34730
Summary: CVE-2026-34730 affects Copier prior to version 9.14.1, where the optional _external_data feature allows template-controlled paths to load YAML files. This can enable destination-external reads, including parent-directory traversal (e.g., ../secret.yml) and absolute paths, exposing the co...