exploitDog

GHSA-ggwc-r3m2-wjp9

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.

Ссылки

EPSS

Процентиль: 35%

0.00147

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2019-15714

CVSS3: 5.3

nvd

больше 6 лет назад

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.

EPSS

Процентиль: 35%

0.00147

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22