CVE-2019-15714

Published August 28th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.

entropic-dev/entropic

🦝 :package: a package registry for anything, but mostly javascript 🦝 🦝 🦝

GitHub

5.25K