CNNVD-202601-3340 Information

CNNVD ID

CNNVD-202601-3340

CVE-2026-23986

  • CNNVD Published: 2026-01-21

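Description (translated from Chinese)

Copier is an open-source library from Copier for rendering project templates. Versions of Copier before 9.11.2 contain a security vulnerability: the use of symbolic links together with specific settings can result in writes to arbitrary directories outside the destination path.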

Description (English)

Copier is an open-source library from Copier for rendering project templates. Versions of Copier before 9.11.2 contain a security vulnerability in which the use of symbolic links together with specific settings can lead to writes to arbitrary directories outside the destination path.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Copier

Published

2026-01-21

Last Modified

2026-02-24

References

  • https://github.com/copier-org/copier/security/advisories/GHSA-4fqp-r85r-hxqh
  • https://github.com/copier-org/copier/releases/tag/v9.11.2
  • https://github.com/copier-org/copier/commit/b3a7b3772d17cf0e7a4481978188c9f536c8d8f6
  • https://access.redhat.com/security/cve/cve-2026-23986

Patch

https://github.com/copier-org/copier/releases
