Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local CLI execution (AV:L) needing an operator to run Copier (UI:R) with a pre-set trusted prefix and a crafted traversal path (AC:H); code execution as the user yields C/I/A:H, scope unchanged.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match (copier/_settings.py) compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the template is actually fetched (Path.resolve() for local paths; libcurl dot-segment removal for https). A template reference that textually starts with a trusted prefix but contains .. is therefore granted trust yet resolves to a different, attacker-controlled template, whose tasks / migrations / jinja_extensions then run without the --trust prompt - arbitrary command execution. Version 9.15.2 patches the issue.
AnalysisAI
Trust-boundary bypass in Copier 9.5.0 through 9.15.1 lets an attacker-controlled template execute arbitrary commands without the usual --trust confirmation. The flaw stems from the trust prefix check using a raw str.startswith on the un-normalized template URL, so a reference that textually begins with a trusted prefix but contains '..' is granted trust while actually resolving to a different template whose tasks/migrations/jinja_extensions then run. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires that the victim has Copier's 'trust' setting configured with at least one trusted prefix (a non-default operator configuration), and that the victim invokes Copier against a template reference the attacker controls or influences which textually begins with that trusted prefix but embeds '..' dot-segments so the resolved location differs from the trusted string. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:N/UI:P, high impact to both vulnerable and subsequent systems) scores 8.8 and correctly signals that this is not a remote, drive-by bug: it is local, requires a specific attack condition (AT:P) and passive user interaction (UI:P) - namely an operator who has configured a trusted prefix and is induced to run Copier against a crafted reference. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes or influences a template reference such as 'https://trusted.example.com/../attacker/template' that lexically starts with the victim organization's configured trusted prefix. When a developer or CI job runs Copier with that trusted prefix set, the startswith check silently grants trust while the normalized fetch pulls the attacker's template, whose tasks/migrations then execute shell commands on the host without any --trust prompt. … |
| Remediation | Vendor-released patch: 9.15.2 - upgrade Copier to 9.15.2 or later (e.g. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Copier instances running versions 9.5.0-9.15.1 and assess whether they process external or untrusted templates. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Copier versions prior to 9.11.2 allow local attackers to write arbitrary files outside the intended project destination
Copier versions before 9.11.2 allow local attackers to read arbitrary files outside the template directory by exploiting
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42309