GHSA-pxvw-4w88-6x95
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pxvw-4w88-6x95
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-pxvw-4w88-6x95/GHSA-pxvw-4w88-6x95.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pxvw-4w88-6x95
- Aliases
- Published
- 2025-09-09T15:12:17Z
- Modified
- 2025-09-10T21:54:40.503567Z
- Severity
-
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- copyparty: Sharing a single file does not fully restrict access to other files in source folder
- Details
-
There was a missing permission-check in the shares feature (the
shrglobal-option).When a share is created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames.
It was not possible to descend into subdirectories in this manner; only the sibling files were accessible.
This issue did not affect filekeys or dirkeys.
- Database specific
{ "cwe_ids": [ "CWE-552", "CWE-862" ], "github_reviewed": true, "github_reviewed_at": "2025-09-09T15:12:17Z", "nvd_published_at": "2025-09-09T20:15:49Z", "severity": "MODERATE" }- References
Affected packages
PyPI / copyparty
Package
- Name
- copyparty
- View open source insights on deps.dev
- Purl
- pkg:pypi/copyparty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.19.8
Affected versions
0.*
0.2.3
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.8.1
0.8.3
0.9.0
0.9.1
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
0.9.11
0.9.13
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9
0.10.10
0.10.11
0.10.12
0.10.13
0.10.14
0.10.15
0.10.16
0.10.17
0.10.18
0.10.19
0.10.20
0.10.21
0.10.22
0.11.0
0.11.1
0.11.5
0.11.6
0.11.7
0.11.8
0.11.9
0.11.10
0.11.11
0.11.12
0.11.13
0.11.14
0.11.15
0.11.16
0.11.17
0.11.18
0.11.19
0.11.20
0.11.21
0.11.22
0.11.23
0.11.24
0.11.26
0.11.27
0.11.28
0.11.29
0.11.30
0.11.31
0.11.32
0.11.33
0.11.34
0.11.35
0.11.36
0.11.37
0.11.38
0.11.39
0.11.40
0.11.41
0.11.42
0.11.43
0.11.44
0.11.45
0.11.46
0.11.47
0.12.1
0.12.3
0.12.4
0.12.5
0.12.6
0.12.7
0.12.8
0.12.9
0.12.10
0.12.11
0.12.12
0.13.0
0.13.1
0.13.2
0.13.3
0.13.5
0.13.6
0.13.7
0.13.9
0.13.10
0.13.11
0.13.12
0.13.13
0.13.14
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.6
1.8.7
1.8.8
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14
1.9.15
1.9.16
1.9.17
1.9.18
1.9.19
1.9.20
1.9.21
1.9.24
1.9.25
1.9.26
1.9.27
1.9.28
1.9.29
1.9.30
1.9.31
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.12.0
1.12.1
1.12.2
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.15.0
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.15.6
1.15.7
1.15.8
1.15.9
1.15.10
1.16.0
1.16.1
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.16.7
1.16.8
1.16.9
1.16.10
1.16.11
1.16.12
1.16.13
1.16.14
1.16.15
1.16.16
1.16.17
1.16.18
1.16.19
1.16.20
1.16.21
1.17.0
1.17.1
1.17.2
1.18.0
1.18.1
1.18.2
1.18.3
1.18.4
1.18.5
1.18.6
1.18.7
1.18.8
1.18.9
1.18.10
1.19.0
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.6
1.19.7