Security Advisory

CVE-2025-55201

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-18 16:21:25

Last updated 2025-08-18 17:37:53

Assigner GitHub_M

State PUBLISHED

Description

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t. filesystem access useless. This vulnerability is fixed in 9.9.1.

← Browse all CVEs View on cve.org ↗