Vulnerability	Vulnerable Version
M Race Condition Affected versions of this package are vulnerable to Race Condition when `navpane` is closed How to fix Race Condition? Upgrade `copyparty` to version 1.0.10 or higher.	[,1.0.10)
M Race Condition Affected versions of this package are vulnerable to Race Condition resulting in a loss of availability. How to fix Race Condition? Upgrade `copyparty` to version 1.8.2 or higher.	[,1.8.2)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization via URL-parameter `?k304=...` and `?setck=...`. An attacker might be able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. Note: It is recommended to change account passwords unless log inspection did not produce any trace of attacks. IoCs: `(gzip -dc access.log.gz; cat access.log) \| sed -r 's/" [0-9]+ .//' \| grep -iE '%0[da]%0[da]%0[da]%0[da]\|[?&](hc\|pw)=.*[<>]'` How to fix Cross-site Scripting (XSS)? Upgrade `copyparty` to version 1.8.7 or higher.	[,1.8.7)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via hc parameter. How to fix Cross-site Scripting (XSS)? Upgrade `copyparty` to version 1.8.6 or higher.	[,1.8.6)
H Directory Traversal Affected versions of this package are vulnerable to Directory Traversal in the `handle_get()` function under `httpcli.py`. The `.cpr` subfolder exposes files, directories, and commands outside the web document root directory. How to fix Directory Traversal? Upgrade `copyparty` to version 1.8.2 or higher.	[,1.8.2)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) as it echoes bad requests as `HTML` How to fix Cross-site Scripting (XSS)? Upgrade `copyparty` to version 1.2.8 or higher.	[,1.2.8)

Go back to all versions of this package