Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks...

Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through “Recent Uploads” page

August 1, 2025 invoker category_cve

CVE Details

Basic Information

Title	Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through “Recent Uploads” page
Type	cve
Published	2025-08-01T23:38:27.221Z
Modified	2025-08-01T23:38:27.221Z

Product Information

Vendor	9001
Product	copyparty
Version	< 1.18.9

CVSS Information

Base Score	7.5 (HIGH)
Attack Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

9001 copyparty < 1.18.9

Additional Information

CWE List	CWE-400, CWE-1333, CWE-833
Source	GitHub_M

Description

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the “Recent Uploads” page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

References

https://github.com/9001/copyparty/security/advisories/GHSA-5662-2rj7-f2v6
https://github.com/9001/copyparty/commit/09910ba80784c3980947d92f45db696398c0fd83
https://github.com/9001/copyparty/releases/tag/v1.18.9

View Full CVE Details