Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Vulnerability Description
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with `_preserve_symlinks: false` (which is Copier's default setting). Version 9.11.2 patches the issue.
CVSS Information
N/A
Vulnerability Type
CWE-61
Vulnerability Title
Copier 安全漏洞
Vulnerability Description
Copier是Copier开源的一个用于渲染项目模板的库。 Copier 9.11.2之前版本存在安全漏洞,该漏洞源于使用符号链接和默认设置可能导致包含本地模板克隆位置之外的文件或目录。
CVSS Information
N/A
Vulnerability Type
N/A