Copier Directory Traversal Vulnerability Allowing Template Root Escape

Vulnerability

A directory traversal vulnerability has been identified in Copier versions prior to 9.14.1. The issue arises in the `_subdirectory` setting, which is intended to specify a subdirectory within the template root. However, the implementation improperly allows parent-directory traversal, enabling templates to escape their designated directories and access files from the parent directory. This can occur without the `--UNSAFE` flag, potentially leading to the unintentional inclusion of sensitive files in the rendering process.

Impact

Exploitation of this vulnerability allows templates to escape their intended directories and access files from the parent directory, which could be misused to include unintended or sensitive files in the project being generated. This occurs without the need for the `--UNSAFE` flag, adding to the risk.

Reproduction

To reproduce this vulnerability, create a template with a `_subdirectory` value that includes parent-directory traversal, such as `..`. When Copier is run with this template, it will access files from the parent directory instead of staying within the template's designated folder. This can be verified by checking for the presence of those files in the output directory after the Copier command is executed.

Remediation

Users can update to Copier version 9.14.1 or later, where this vulnerability has been patched.
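The fix described above amounts to a containment check: the configured `_subdirectory` must resolve to a path inside the template root. The following Python is an added example, not Copier's own code and not the actual 9.14.1 patch; the function and exception names (`resolve_template_subdirectory`, `UnsafeSubdirectoryError`, `classify_subdirectory_values`, `symlink_escape_is_rejected`) are hypothetical. It resolves the candidate path (normalising `..` and following symlinks) and rejects anything that lands outside the root, which also covers the symlink case the advisory does not mention.

```python
"""Containment check for a template `_subdirectory` value.

Added example, not Copier's own code. The names below are hypothetical.
"""
from pathlib import Path
import tempfile


class UnsafeSubdirectoryError(ValueError):
    """Raised when a `_subdirectory` value would escape the template root."""


def resolve_template_subdirectory(template_root, subdirectory):
    """Return the absolute directory that `subdirectory` names inside `template_root`.

    The candidate is fully resolved (normalising `..` segments and following
    symlinks) and then checked for containment against the resolved root, so
    both a `..` escape and a symlink pointing above the template are refused.
    """
    root = Path(template_root).resolve()
    candidate = (root / subdirectory).resolve()
    try:
        candidate.relative_to(root)  # raises ValueError when candidate is outside root
    except ValueError:
        raise UnsafeSubdirectoryError(
            f"_subdirectory {subdirectory!r} resolves to {candidate}, "
            f"outside template root {root}"
        ) from None
    return candidate


def classify_subdirectory_values(values):
    """Map each candidate `_subdirectory` value to 'allowed' or 'rejected'.

    A throwaway template root with a `docs` folder is created so the check
    runs offline against real filesystem paths (constructed sample layout).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "template"
        (root / "docs").mkdir(parents=True)
        verdicts = {}
        for value in values:
            try:
                resolve_template_subdirectory(root, value)
                verdicts[value] = "allowed"
            except UnsafeSubdirectoryError:
                verdicts[value] = "rejected"
        return verdicts


def symlink_escape_is_rejected():
    """Return True if a symlink inside the template that points above it is caught.

    Returns None when the platform does not permit creating the symlink.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "template"
        root.mkdir()
        link = root / "escape"
        try:
            link.symlink_to(Path(tmp), target_is_directory=True)
        except OSError:
            return None
        try:
            resolve_template_subdirectory(root, "escape")
        except UnsafeSubdirectoryError:
            return True
        return False


if __name__ == "__main__":
    samples = ["docs", ".", "..", "docs/../..", "/etc"]
    for value, verdict in classify_subdirectory_values(samples).items():
        print(f"{value!r:14} -> {verdict}")
    print("symlink escape rejected:", symlink_escape_is_rejected())
```

Checking the resolved path rather than scanning the string for `..` is the important design choice: a string check misses `docs/../..`-style values only if it is careless, but it always misses a symlink planted inside the template, whereas `Path.resolve()` follows the link before the containment test runs.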

Added: Apr 2, 2026, 9:39 PM
Updated: Apr 2, 2026, 9:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.6
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.