Evipepota

**Name of the Vulnerable Software and Affected Versions** Gleam versions 1.16.0 through 1.17.0 **Description** A path traversal issue exists in the handling of custom documentation pages. The `documentation.pages` entries within the `gleam.toml` file are incorporated into filesystem paths without sufficient validation. Specifically, the `documentation.pages[].path` field allows writing generated documentation files outside the intended `build/dev/docs/<package>/` directory, and the `documentation.pages[].source` field allows reading files from outside the project directory to embed them into the output. An attacker can exploit this by convincing a victim to run `gleam docs build` on an untrusted project or with malicious `gleam.toml` content, leading to arbitrary file read and write operations. **Recommendations** Update to a version later than 1.17.0. Avoid running `gleam docs build` on untrusted projects. Review `documentation.pages` entries in `gleam.toml` before generating documentation. Run documentation generation in a restricted or isolated environment, such as containers.

**Name of the Vulnerable Software and Affected Versions** Copier versions prior to 9.14.1 **Description** Copier's ` subdirectory` setting, intended to specify the template root, incorrectly allows parent directory traversal sequences like `..`. This allows a template to escape its directory and render files from the parent directory without using the `--UNSAFE` flag. The vulnerability lies in the lack of validation that the resulting path remains within the template directory. The vulnerable code path involves rendering the ` subdirectory` string and using it directly to construct the template root path. This can lead to the rendering of files from unintended locations, potentially including sensitive data or configuration files in the parent directory. **Recommendations** Update Copier to version 9.14.1 or later.

Name of the Vulnerable Software and Affected Versions Copier versions prior to 9.14.1 Description The external data feature in Copier allows templates to load YAML files using paths controlled by the template. This can allow a malicious template to read YAML-parseable local files accessible to the user running Copier, potentially exposing their contents in the rendered output. The issue occurs because there is no containment check to ensure the resulting path stays within the subproject destination. This allows for parent-directory traversal (e.g., '../secret.yml') and absolute path reads (e.g., '/tmp/secret.yml'). The vulnerability exists even without using the `--UNSAFE` flag. Recommendations Update Copier to version 9.14.1 or later.