RCE in Copier-org Copier
CVE-2026-53951
Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's prefix match (`copier/_settings.py`) compares the template URL against a trusted prefix with a raw `str.startswith` an…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Copier-org Copier — versions >= 9.5.0, < 9.15.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)