5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.7%
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.
github.com/entropic-dev/entropic/issues/251