Copier · Copier · CVE-2026-23986
**Name of the Vulnerable Software and Affected Versions**
Copier versions prior to 9.11.2
**Description**
Copier, a library and CLI app for rendering project templates, allows a malicious template author to overwrite arbitrary files. This occurs because a template that Copier treats as safe can write to directories outside the intended destination path: with `_preserve_symlinks: true` set, the template ships a symlink together with a generated directory structure whose rendered path resides within the symlinked directory, so the rendered file is written through the symlink to its target. The exploit is non-deterministic, because Copier uses `os.scandir`, which yields directory entries in an arbitrary order, and the outcome depends on whether the symlink is created before the file that is rendered through it. Any file the user running Copier has write permission for can be overwritten.
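As an added example that is not Copier's own code, the class of containment check a renderer needs against this bug: a destination path must be compared with the destination root after symlinks are resolved, not lexically, since a lexical check still sees `dst/link/victim.txt` as inside `dst`. The temporary directory layout (`dst`, `link`, `outside`, `victim.txt`) is constructed here purely for illustration.

```python
import os
import tempfile
from pathlib import Path


def lexical_within(root: Path, candidate: Path) -> bool:
    """Naive check: normalises '..' segments only. A symlink component is
    never followed, so a path routed through a symlinked directory still
    appears to be 'inside' the destination root."""
    root_n = os.path.normpath(root)
    cand_n = os.path.normpath(candidate)
    return os.path.commonpath([root_n, cand_n]) == root_n


def resolved_within(root: Path, candidate: Path) -> bool:
    """Hardened check: resolve symlinks in every existing ancestor of the
    candidate (Path.resolve() tolerates not-yet-created leaf components) and
    require the real path to stay under the real destination root. The check
    is per path, so the order in which entries are rendered does not matter."""
    root_r = root.resolve()
    cand_r = candidate.resolve()
    return cand_r == root_r or root_r in cand_r.parents


def demo() -> dict:
    """Constructed scenario (not taken from the advisory): the destination
    directory holds a symlink 'link' pointing outside it, and a template
    renders 'link/victim.txt', which would land in the symlink's target."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        outside = base / "outside"
        outside.mkdir()
        dst = base / "dst"
        dst.mkdir()
        (dst / "link").symlink_to(outside, target_is_directory=True)
        rendered = dst / "link" / "victim.txt"
        return {
            # lexical check is fooled: True although the write escapes dst
            "lexical": lexical_within(dst, rendered),
            # resolved check catches the escape: False
            "resolved": resolved_within(dst, rendered),
            # an ordinary rendered path inside dst is still accepted
            "safe_file": resolved_within(dst, dst / "sub" / "ok.txt"),
        }


if __name__ == "__main__":
    print(demo())
```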
**Recommendations**
Update Copier to version 9.11.2 or later.