VYPR
High severityNVD Advisory· Published Aug 1, 2025· Updated Aug 4, 2025

Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page

CVE-2025-54796

Description

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
copypartyPyPI
< 1.18.91.18.9

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.