HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-54796

CVSS 7.5v3.1pub. 2025-08-02upd. 2025-09-12

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • 9001 Copyparty

    APP
    9001
    < 1.18.9
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-41471HIGH7.8ten sam produkt

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code...

CVE-2023-37474HIGH7.5ten sam produkt

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability det...

CVE-2026-30974MEDIUM4.6ten sam produkt

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent executi...

CVE-2026-27948MEDIUM5.4ten sam produkt

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scrip...

CVE-2025-58753MEDIUM5.3ten sam produkt

Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the ...

CVE-2025-54796 β€” 9001 β€” Copyparty β€” HIGH β€” CVSS 7.5 | CVEbaza.pl