PT-2023-3604 · Copyparty · Copyparty

Thehackydog · Published 2023-07-06 · Updated 2025-09-04 · CVE-2023-37474

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Copyparty versions prior to 1.8.2

Description

A path traversal vulnerability in the .cpr subfolder allows an attacker to access files, directories, and commands outside the web document root directory. This vulnerability can be exploited to read, modify, or delete data. The path traversal technique enables an attacker to access sensitive information. There are no known workarounds for this vulnerability.

Recommendations

For versions prior to 1.8.2, upgrade to release 1.8.2 or later to address the path traversal vulnerability. As a temporary workaround, consider restricting access to the .cpr subfolder until a patch is available. Additionally, users can monitor their copyparty server logs for signs of potential attacks, using commands such as grep -aE '(Errno|Permission).*.cpr/' to detect invalid attempts.
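The log check from the recommendation above, as an added example (not code from the advisory or from copyparty) run over a constructed sample log. The log layout, the stricter pattern with an escaped dot, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample log lines are constructed; a real copyparty log
# may be laid out differently.

# Pattern exactly as given in the advisory text.
PAGE_PATTERN='(Errno|Permission).*.cpr/'
# Stricter variant (assumption, not from the advisory): the escaped dot only
# matches a literal ".cpr/", so a directory such as "scpr/" no longer hits.
STRICT_PATTERN='(Errno|Permission).*\.cpr/'

# Write a constructed sample log to $1. One line carries a NUL byte, which
# would make grep treat the file as binary if -a were omitted.
make_sample_log() {
    {
        printf '%s\n' "12:00:01 203.0.113.7 GET /.cpr/EXAMPLE-ASSET 200"
        printf '%s\n' "12:00:05 203.0.113.9 [Errno 2] No such file or directory: 'web/.cpr/EXAMPLE-A'"
        printf '%s\n' "12:00:06 203.0.113.9 Permission denied: 'web/.cpr/EXAMPLE-B'"
        printf '12:00:07 198.51.100.4 upload \000 done\n'
        printf '%s\n' "12:00:09 198.51.100.4 [Errno 13] Permission denied: 'data/scpr/EXAMPLE-C'"
        printf '%s\n' "12:00:12 198.51.100.4 [Errno 28] No space left on device"
    } > "$1"
}

# Count matching lines. grep -c exits 1 when the count is 0, so mask that
# status to stay usable under "set -e".
count_hits() {  # $1 = pattern, $2 = log file
    grep -acE -- "$1" "$2" || true
}

# Matching lines grouped by the second field (the client address in the
# constructed layout), most frequent first.
hits_by_client() {  # $1 = pattern, $2 = log file
    grep -aE -- "$1" "$2" | awk '{n[$2]++} END {for (c in n) print n[c], c}' | sort -rn
}

log=$(mktemp)
make_sample_log "$log"
echo "advisory pattern: $(count_hits "$PAGE_PATTERN" "$log") matching lines"
echo "escaped dot:      $(count_hits "$STRICT_PATTERN" "$log") matching lines"
hits_by_client "$STRICT_PATTERN" "$log"
rm -f "$log"
```

A plain successful request under .cpr/ is not matched by either pattern, since both require an Errno or Permission message earlier on the same line.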

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-03887
CVE-2023-37474
GHSA-PXFV-7RR3-2QJG
PYSEC-2023-127

Affected Products

Copyparty