Copier Library Symlink Vulnerability Allowing Arbitrary File Overwrite
Vulnerability
A vulnerability in the Copier library and CLI application, prior to version 9.11.2, allows safe templates to write to arbitrary directories outside the intended destination. This is achieved by using a directory symlink with the '_preserve_symlinks: true' option, creating a directory structure that renders inside the symlinked directory. Consequently, a malicious template author could craft a template that overwrites files in the user's writable directories, potentially leading to disruptive consequences.
Impact
Exploitation of this vulnerability could result in unauthorized overwriting of files in arbitrary locations, based on the user's write permissions, allowing for disruptive actions such as deleting or modifying critical files.
Reproduction
To reproduce this vulnerability, create a template that includes a symlinked directory pointing to a location with a sensitive file, such as 'sensitive.txt'. In the template, generate a file that references the symlinked file using a Jinja expression, and ensure the '_preserve_symlinks' option is set to true. When the template is processed, the symlink will be followed, and the referenced file will be overwritten.
Remediation
Users can update to Copier version 9.11.2 or later, where this vulnerability has been patched.
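As an added example (not Copier's own code and not the upstream fix), the following Python script audits a template checkout for the two conditions described above: '_preserve_symlinks: true' in the template's configuration, and symlinks whose targets resolve outside the template tree. The line match against copier.yml / copier.yaml is a simplification rather than a YAML parse, and the sample template is constructed in a temporary directory.

```python
import os
import re
import tempfile
from pathlib import Path

def audit_template(template_root):
    """Return (preserve_symlinks_enabled, escaping_symlinks) for a template tree."""
    root = Path(template_root).resolve()
    # Simplified line match, not a YAML parse (assumes a top-level key on its own line).
    preserve = any(
        re.search(r"^_preserve_symlinks:\s*true\s*$", cfg.read_text(), re.M | re.I)
        for cfg in (root / "copier.yml", root / "copier.yaml") if cfg.is_file()
    )
    escaping = []
    # followlinks=False: symlinked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            target = os.readlink(path)
            resolved = Path(os.path.realpath(path))
            # Flag absolute targets and targets that resolve outside the tree.
            if os.path.isabs(target) or not resolved.is_relative_to(root):
                escaping.append(path.relative_to(root).as_posix())
    return preserve, sorted(escaping)

def demo():
    """Build a constructed sample template in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside"
        template = Path(tmp) / "template"
        (template / "docs").mkdir(parents=True)
        outside.mkdir()
        (template / "copier.yml").write_text("_preserve_symlinks: true\n")
        os.symlink("docs", template / "docs_alias")             # stays inside the tree
        os.symlink(outside, template / "linked_dir")            # absolute target
        os.symlink("../../outside", template / "docs" / "up")   # relative, climbs out
        return audit_template(template)

if __name__ == "__main__":
    enabled, links = demo()
    print("_preserve_symlinks enabled:", enabled)
    for link in links:
        print("escaping symlink:", link)
```

A template that reports both the option enabled and at least one escaping symlink warrants manual review before it is rendered with a Copier version older than 9.11.2.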
