copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| copyparty(PyPI) | 0 | 1.18.5 | N/A |
CVSS Metrics
