CVE-2023-37474

7.5 HIGH

📋 TL;DR

CVE-2023-37474 is a path traversal vulnerability in Copyparty file server versions before 1.8.2 that allows attackers to access files outside the web root directory via the .cpr subfolder. This affects all users running vulnerable Copyparty instances, potentially exposing sensitive system files. The vulnerability is particularly dangerous for internet-facing servers.

💻 Affected Systems

Products:
  • Copyparty
Versions: All versions prior to 1.8.2
Operating Systems: All platforms running Copyparty
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the .cpr subfolder functionality; all default configurations are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive files like /etc/passwd, SSH keys, or configuration files, potentially leading to credential theft and lateral movement.

🟠 Likely Case

Unauthorized access to sensitive files stored on the server, including application data, configuration files, and user uploads.

🟢 If Mitigated

Limited impact if server runs with minimal privileges and filesystem permissions restrict access to sensitive areas.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available on Packet Storm Security; exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.2

Vendor Advisory: https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg

Restart Required: Yes

Instructions:

1. Stop the Copyparty service.
2. Update to version 1.8.2 or later using pip: pip install --upgrade copyparty
3. Restart the Copyparty service.

🔧 Temporary Workarounds

Disable .cpr subfolder

linux

Either remove the .cpr directory or deny all access to it. The two commands below are alternatives, not a sequence: chmod fails once the directory has been removed.

rm -rf /path/to/copyparty/.cpr
chmod 000 /path/to/copyparty/.cpr

🧯 If You Can't Patch

  • Run Copyparty with minimal filesystem permissions using chroot or containerization
  • Implement strict network access controls to limit exposure to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check whether the Copyparty version is below 1.8.2 and whether the .cpr directory exists and is reachable over HTTP.

Check Version:

copyparty --version

Verify Fix Applied:

Confirm the version is 1.8.2 or higher and that path traversal attempts against .cpr are rejected with an error instead of returning file contents.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to .cpr directory
  • HTTP requests containing path traversal sequences like '../'

Network Indicators:

  • HTTP requests to .cpr paths with traversal sequences
  • Unusual file access patterns from single IP

SIEM Query:

source="copyparty.log" AND (uri="*../*" OR uri="*/.cpr/*")
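The log and network indicators above can be checked offline as well. The following is an added example, not copyparty's own code: it assumes requests are recorded in Combined Log Format by a reverse proxy in front of copyparty (the sample lines are constructed), and it flags only .cpr requests that carry a '..' segment, after percent-decoding twice so that %2e and %252e variants are caught too.

```python
"""Flag access-log requests that pair the .cpr path with traversal sequences.

Added example (not copyparty's code). Assumes Combined Log Format lines from a
reverse proxy; the detector decodes percent-encoding twice (catches double
encoding), unifies backslashes, and looks for '..' segments aimed at .cpr.
"""
import re
from urllib.parse import unquote

# Constructed sample log lines (Combined Log Format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2023:12:00:01 +0000] "GET /.cpr/ui.css HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2023:12:00:02 +0000] "GET /.cpr/../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [10/Jul/2023:12:00:03 +0000] "GET /.cpr/..%2f..%2fetc/shadow HTTP/1.1" 403 0 "-" "curl/8.0"
198.51.100.7 - - [10/Jul/2023:12:00:04 +0000] "GET /.cpr/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 0 "-" "python-requests/2.31"
192.0.2.9 - - [10/Jul/2023:12:00:05 +0000] "GET /docs/report.pdf HTTP/1.1" 200 99 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# A '..' segment delimited by slash, backslash, or string boundary.
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.($|[/\\])')

def normalize_uri(uri: str) -> str:
    """Drop the query string, percent-decode twice (catches %252e), unify slashes."""
    path = uri.split('?', 1)[0]
    path = unquote(unquote(path))
    return path.replace('\\', '/')

def is_cpr_traversal(uri: str) -> bool:
    """True when the request targets .cpr and contains a '..' path segment."""
    path = normalize_uri(uri)
    return '/.cpr' in path.lower() and TRAVERSAL_RE.search(path) is not None

def scan_log(text: str) -> list[dict]:
    """Return one record per suspicious request; a 200 status means content was served."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_cpr_traversal(m['uri']):
            hits.append({'ip': m['ip'], 'uri': m['uri'], 'status': int(m['status'])})
    return hits

if __name__ == '__main__':
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ip']} {h['status']} {h['uri']}")
```

A hit with status 200 on a pre-1.8.2 instance indicates the traversal likely succeeded and warrants incident handling; 403/404 hits still show probing worth correlating by source IP.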
