fkie_nvd - fkie_cve-2025-55214

fkie_cve-2025-55214

Vulnerability from fkie_nvd

Published

2025-08-18 17:15

Modified

2025-08-18 20:16

Severity ?

6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Summary

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path where a project shall be generated or updated. This is possible when rendering a generated directory structure whose rendered path is either a relative parent path or an absolute path. Constructing such paths is possible using Copier's builtin pathjoin Jinja filter and its builtin _copier_conf.sep variable, which is the platform-native path separator. This way, a malicious template author can create a template that overwrites arbitrary files (according to the user's write permissions), e.g., to cause havoc. This vulnerability is fixed in 9.9.1.

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/copier-org/copier/commit/fdbc0167cc22780b497e4db176feaf6f024757d6
	security-advisories@github.com	https://github.com/copier-org/copier/security/advisories/GHSA-p7q8-grrj-3m8w

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it\u0027s safe to generate a project from a safe template, i.e. one that doesn\u0027t use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path where a project shall be generated or updated. This is possible when rendering a generated directory structure whose rendered path is either a relative parent path or an absolute path. Constructing such paths is possible using Copier\u0027s builtin pathjoin Jinja filter and its builtin _copier_conf.sep variable, which is the platform-native path separator. This way, a malicious template author can create a template that overwrites arbitrary files (according to the user\u0027s write permissions), e.g., to cause havoc. This vulnerability is fixed in 9.9.1."
    },
    {
      "lang": "es",
      "value": "Librer\u00eda Copier y aplicaci\u00f3n CLI para renderizar plantillas de proyecto. Desde la versi\u00f3n 7.1.0 hasta la 9.9.1, Copier sugiere que es seguro generar un proyecto a partir de una plantilla segura, es decir, una que no utilice funciones inseguras como extensiones personalizadas de Jinja, que requerir\u00edan el indicador --UNSAFE,--trust. Resulta que, actualmente, una plantilla segura puede escribir archivos fuera de la ruta de destino donde se generar\u00e1 o actualizar\u00e1 un proyecto. Esto es posible al renderizar una estructura de directorios generada cuya ruta renderizada es una ruta principal relativa o una ruta absoluta. Estas rutas se pueden construir mediante el filtro pathjoin de Jinja integrado de Copier y su variable _copier_conf.sep integrada, que es el separador de rutas nativo de la plataforma. De esta forma, un creador de plantillas malintencionado puede crear una plantilla que sobrescriba archivos arbitrarios (seg\u00fan los permisos de escritura del usuario), por ejemplo, para causar problemas. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 9.9.1."
    }
  ],
  "id": "CVE-2025-55214",
  "lastModified": "2025-08-18T20:16:28.750",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-18T17:15:30.310",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/copier-org/copier/commit/fdbc0167cc22780b497e4db176feaf6f024757d6"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/copier-org/copier/security/advisories/GHSA-p7q8-grrj-3m8w"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-55214 (GCVE-0-2025-55214)

Vulnerability from cvelistv5

Published

2025-08-18 16:36