github.com/hashicorp/copywrite is vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
71 (High Risk)
Affected versions of this package improperly parse .hbs (Handlebars) templates: indented lines containing the keyword “copyright” are treated as copyright headers, which causes unintended modification of embedded JavaScript code and potential code corruption. An attacker could exploit this behavior by injecting specially crafted template content or configuration data containing the keyword into inputs they control. This triggers logic that alters application code or template behavior, potentially leading to integrity issues, unexpected execution paths, or denial of service during template processing or build pipelines.
You are affected if you are using a version that falls within the vulnerable range.
github.com/hashicorp/copywrite is vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in versions 0.23.0 - 0.24.1.
Upgrade the github.com/hashicorp/copywrite library to the patched version.
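To review templates that an affected version may already have processed, the following added example (not code from copywrite or from this advisory) lists the lines of a Handlebars template that match the pattern described above. It assumes case-insensitive matching and that "indented" means a leading space or tab; the names `RiskyLines`, `Finding` and `sampleTemplate` are hypothetical, and the template is constructed sample input.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding is one template line matching the pattern the advisory describes.
type Finding struct {
	Line int
	Text string
}

// RiskyLines returns indented lines that contain the keyword "copyright".
// Assumption: matching is case-insensitive and "indented" means a leading
// space or tab; the advisory specifies neither, so this may over-report.
func RiskyLines(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		indented := strings.HasPrefix(line, " ") || strings.HasPrefix(line, "\t")
		if indented && strings.Contains(strings.ToLower(line), "copyright") {
			out = append(out, Finding{Line: n, Text: strings.TrimSpace(line)})
		}
	}
	return out
}

// sampleTemplate is a constructed .hbs file, not taken from any real project.
const sampleTemplate = `{{!-- Copyright (c) Example Corp --}}
<footer>
  <script>
    const copyrightYear = new Date().getFullYear();
    render(copyrightYear);
  </script>
  <p>{{t "footer.legal"}}</p>
</footer>
`

func main() {
	// Print each line a reviewer should diff against the pre-run revision.
	for _, f := range RiskyLines(sampleTemplate) {
		fmt.Printf("line %d: %s\n", f.Line, f.Text)
	}
}
```

Lines it reports are candidates to compare against version control history from before the tool was run; the unindented header comment on line 1 is not reported.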