CVE-2023-37474: copyparty vulnerable to path traversal attack
(updated )
All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server.
References
- github.com/9001/copyparty
- github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff
- github.com/9001/copyparty/releases/tag/v1.8.2
- github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg
- github.com/advisories/GHSA-pxfv-7rr3-2qjg
- github.com/pypa/advisory-database/tree/main/vulns/copyparty/PYSEC-2023-127.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-37474
Detect and mitigate CVE-2023-37474 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →