Lucene search
K
Copier-orgCopier

4 matches found

CVE
CVE
added 2026/01/21 10:20 p.m.24 views

CVE-2026-23986

CVE-2026-23986 affects Copier (library and CLI). A safe template can still write outside the destination when using a symlink and _preserve_symlinks: true, enabling a malicious template to overwrite arbitrary files within the user’s write permissions. This risk exists prior to version 9.11.2 and ...

7.1CVSS5.7AI score0.00224EPSS
CVE
CVE
added 2026/01/21 10:13 p.m.18 views

CVE-2026-23968

CVE-2026-23968 affects Copier (library and CLI) prior to version 9.11.2. The issue lets a safe-looking template include arbitrary files/directories outside the local template via symlinks when _preserve_symlinks is false, effectively enabling read access to sensitive data. Version 9.11.2 patches ...

6.8CVSS5.7AI score0.002EPSS
CVE
CVE
added 2026/04/02 6:7 p.m.15 views

CVE-2026-34726

CVE-2026-34726 affects Copier (library/CLI) prior to version 9.14.1. The issue stems from the _subdirectory setting, which is documented as the template root but can accept directory traversal like .., and is used directly to compute the template root. This allows a template to escape its own dir...

4.4CVSS5.8AI score0.00383EPSS
CVE
CVE
added 2026/04/02 6:9 p.m.15 views

CVE-2026-34730

Summary: CVE-2026-34730 affects Copier prior to version 9.14.1, where the optional _external_data feature allows template-controlled paths to load YAML files. This can enable destination-external reads, including parent-directory traversal (e.g., ../secret.yml) and absolute paths, exposing the co...

5.5CVSS5.8AI score0.00287EPSS