CNNVD-202601-3327 Information

CNNVD ID

CNNVD-202601-3327

Related CVE

CVE-2026-23968

• CNNVD Published: 2026-01-21

Description (Chinese)

Copier是Copier开源的一个用于渲染项目模板的库。 Copier 9.11.2之前版本存在安全漏洞，该漏洞源于使用符号链接和默认设置可能导致包含本地模板克隆位置之外的文件或目录。

Description (English)

Copier is a library of the Copier Open Source for rendering project templates. There was a security loophole in the pre-Copier 9.11.2 version, which stemmed from the use of symbolic links and default settings that could lead to documents or directories containing locations other than local templates.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Copier

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/copier-org/copier/security/advisories/GHSA-xjhm-gp88-8pfx https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6 https://access.redhat.com/security/cve/cve-2026-23968

Patch

https://github.com/copier-org/copier/releases