High severity · OSV Advisory · Published Aug 18, 2025 · Updated Apr 15, 2026
CVE-2025-55201
Description
Copier is a library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context, and these objects have unconstrained I/O methods. This effectively renders the security model w.r.t. filesystem access useless. This vulnerability is fixed in 9.9.1.
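An added example (not Copier's code or its patch): a standard-library audit that walks a render context, reports values that are concrete `pathlib.Path` objects, and downgrades them to `PurePath`, which keeps path arithmetic but has no I/O methods. The sample context and its key names are constructed for illustration and are not Copier's variable names.

```python
from collections.abc import Mapping
from pathlib import Path, PurePath, PurePosixPath

# Filesystem methods that a concrete Path has and a PurePath does not.
IO_METHODS = ("open", "read_text", "read_bytes", "write_text", "write_bytes",
              "unlink", "iterdir")


def exposed_io(obj):
    """List the I/O methods reachable on an object handed to a template."""
    return [m for m in IO_METHODS if hasattr(obj, m)]


def find_io_paths(value, name="context"):
    """Return the locations of concrete (I/O-capable) Path objects in a context."""
    if isinstance(value, Path):
        return [name]
    if isinstance(value, Mapping):
        return [h for k, v in value.items()
                for h in find_io_paths(v, f"{name}.{k}")]
    if isinstance(value, (list, tuple)):
        return [h for i, v in enumerate(value)
                for h in find_io_paths(v, f"{name}[{i}]")]
    return []


def to_pure(value):
    """Copy a context, replacing every Path with a PurePath (no I/O methods)."""
    if isinstance(value, Path):
        return PurePath(value)
    if isinstance(value, Mapping):
        return {k: to_pure(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(to_pure(v) for v in value)
    return value


# Constructed sample context; key names are hypothetical.
SAMPLE = {
    "project_name": "demo",
    "conf": {"dst": Path("/srv/out"), "src": PurePosixPath("/srv/tpl")},
    "extra": [Path("a.txt"), "plain string"],
}

if __name__ == "__main__":
    print("I/O-capable values:", find_io_paths(SAMPLE))
    print("after to_pure:     ", find_io_paths(to_pure(SAMPLE)))
```
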
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| copier (PyPI) | < 9.9.1 | 9.9.1 |
Affected products (2)
- Range: 1.1.1, 3.0.0-alpha5, 3.0.0-alpha6, …