Veracode Vulnerability DatabaseVERACODE:41359Path Traversal
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.055 Low
EPSS
Percentile
93.3%
copyparty is vulnerable to Path Traversal. The vulnerability exists because the library does not properly validate the .cpr endpoint in httpcli.py, allowing an attacker to access files outside the expected directory and read arbitrary files through relative paths such as `\…filename.
References
packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html
github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff
github.com/9001/copyparty/releases/tag/v1.8.2
github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg
github.com/advisories/GHSA-pxfv-7rr3-2qjg
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.055 Low
EPSS
Percentile
93.3%