copier@9.11.0 vulnerabilities

A library for rendering project templates.

  • latest version: 9.11.3

  • latest non vulnerable version

  • first published: 6 years ago

  • latest version published: 7 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the copier package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    UNIX Symbolic Link (Symlink) Following

    copier is a library for rendering project templates.

    Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the symlink resolution process in safe templates when _preserve_symlinks is set to true. An attacker can overwrite arbitrary files on the filesystem, within the user's write permissions, by crafting a malicious template that uses the generated directory structure functionality.

    How to fix UNIX Symbolic Link (Symlink) Following?

    Upgrade copier to version 9.11.2 or higher.

    Vulnerable versions: [,9.11.2)
    • M
    UNIX Symbolic Link (Symlink) Following

    copier is a library for rendering project templates.

    Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the symlink resolution process in safe templates when _preserve_symlinks is set to false. An attacker can access arbitrary files or directories outside the intended template location by crafting malicious templates that include symlinks pointing to sensitive files.

    Note: Safe templates are those that don't use unsafe features such as custom Jinja extensions, which would require passing the --UNSAFE (alias --trust) flag.

    How to fix UNIX Symbolic Link (Symlink) Following?

    Upgrade copier to version 9.11.2 or higher.

    Vulnerable versions: [,9.11.2)
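As an added example (not copier's code and not part of this advisory), the following standalone Python check applies the rule both entries above depend on: a symlink inside a template must resolve to a location inside the template root, whether the renderer follows the link (_preserve_symlinks false) or recreates it in the destination (_preserve_symlinks true). The directory layout, file names and the helpers `find_escaping_symlinks`, `build_sample_template` and `audit_sample` are constructed for this demonstration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(template_root):
    """Return (link, resolved_target) pairs for symlinks that leave template_root.

    Added defensive check, not copier's own code. A renderer that follows
    symlinks, or copies them verbatim into the destination, should refuse any
    link whose fully resolved target lies outside the template tree.
    """
    root = Path(template_root).resolve(strict=True)
    escaping = []
    # followlinks=False: never descend into a symlinked directory while scanning
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            # resolve() follows the whole chain of links; a dangling link still
            # yields a path we can compare against the root
            target = path.resolve()
            try:
                target.relative_to(root)
            except ValueError:
                escaping.append((path, target))
    return escaping


def build_sample_template(base):
    """Construct a small template tree: one in-tree link and two escaping links.

    Sample data built here for the demonstration; not taken from any real template.
    """
    base = Path(base)
    tpl = base / "template"
    (tpl / "src").mkdir(parents=True)
    (tpl / "src" / "settings.yml.jinja").write_text("name: {{ project_name }}\n")
    # in-tree relative link: stays inside the template, acceptable
    os.symlink("src/settings.yml.jinja", tpl / "settings_link.yml.jinja")
    # escaping file link: its target sits above the template root
    outside_file = base / "outside_secret.txt"
    outside_file.write_text("constructed sensitive content\n")
    os.symlink(os.path.relpath(outside_file, tpl), tpl / "leak.txt")
    # escaping directory link: would expose a whole directory outside the tree
    outside_dir = base / "outside_dir"
    outside_dir.mkdir()
    os.symlink(os.path.relpath(outside_dir, tpl), tpl / "exposed_dir")
    return tpl


def audit_sample():
    """Build the sample template in a temp dir and return the offending link names, sorted."""
    with tempfile.TemporaryDirectory() as base:
        tpl = build_sample_template(base)
        return sorted(link.name for link, _ in find_escaping_symlinks(tpl))


if __name__ == "__main__":
    for name in audit_sample():
        print("escaping symlink:", name)
```

The check resolves both the template root and each link target through `Path.resolve()`, so chains of links and platform quirks such as `/tmp` being itself a symlink are compared on equal footing; a link is reported only when its final target is not under the resolved root.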