Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when selecting the template root.
As a result, a template can escape its own directory and make Copier render files from the parent directory without --UNSAFE. This issue has been patched in version 9.14.1.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Copier-Org Copier
cpe:2.3:a:copier-org:copier:*:*:*:*:*:python:*:*
|
— |
9.14.1
|
References 3
https://github.com/copier-org/copier/commit/cb80a3ffc9c3787de3ed837e04ca29a0ff8…
security-advisories@github.com
https://github.com/copier-org/copier/releases/tag/v9.14.1
security-advisories@github.com
https://github.com/copier-org/copier/security/advisories/GHSA-85v3-4m8g-hrh6
security-advisories@github.com