7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.055 Low
EPSS
Percentile
93.3%
copyparty is vulnerable to Path Traversal. The vulnerability exists because the library does not properly validate the .cpr
endpoint in httpcli.py
, allowing an attacker to access files outside the expected directory and read arbitrary files through relative paths such as `\…filename.
packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff
github.com/9001/copyparty/releases/tag/v1.8.2
github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg
github.com/advisories/GHSA-pxfv-7rr3-2qjg