Vulnerability Information
Vulnerability Title
Copier safe template has arbitrary filesystem read/write access
Vulnerability Description
Copier is a library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context that have unconstrained I/O methods. This effectively renders the security model with respect to filesystem access useless. This vulnerability is fixed in 9.9.1.
CVSS Information
N/A
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
Copier path traversal vulnerability
Vulnerability Description
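Copier is an open-source library from Copier for rendering project templates. Versions of Copier prior to 9.9.1 contain a path traversal vulnerability. The vulnerability stems from templates being able to read and write arbitrary files, which may lead to a filesystem access bypass.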
CVSS Information
N/A
Vulnerability Type
N/A