First published: Wed Aug 28 2019
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Entropic Project Entropic | <2019-06-13 | |
The vulnerability ID of this vulnerability is CVE-2019-15714.
CVE-2019-15714 has a severity level of medium (5.3).
The affected software is Entropic before 2019-06-13.
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations.
Yes, a fix is available for CVE-2019-15714. The recommended fix is to update to a version of Entropic after 2019-06-13.
More information about CVE-2019-15714 can be found at the following link: https://github.com/entropic-dev/entropic/issues/251
The CWE ID of CVE-2019-15714 is CWE-22.
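
The check the description says was missing, rejecting / and \ in command names, can be sketched as follows. This is an added example, not Entropic's code: the directory layout, the function names and the allowlist pattern are assumptions made for illustration, and the sample names are constructed.

```javascript
const path = require('node:path');

// Hypothetical layout (not Entropic's code): one module per command.
const POSIX_DIR = '/opt/cli/lib/commands';
const WIN_DIR = 'C:\\cli\\lib\\commands';

// Unsafe pattern: the command name from argv is joined into a path unchecked.
function unsafeCommandPath(name, baseDir, p) {
  return p.resolve(baseDir, `${name}.js`);
}

// Assumed naming rule: letters, digits and hyphens only, so "/", "\" and
// "." can never appear in a command name.
const COMMAND_NAME = /^[a-z0-9][a-z0-9-]*$/i;

function safeCommandPath(name, baseDir, p) {
  if (typeof name !== 'string' || !COMMAND_NAME.test(name)) {
    throw new Error(`invalid command name: ${JSON.stringify(name)}`);
  }
  const base = p.resolve(baseDir);
  const target = p.resolve(base, `${name}.js`);
  // Defence in depth: the module must sit directly inside the commands dir.
  if (p.dirname(target) !== base) {
    throw new Error('command path escapes the commands directory');
  }
  return target;
}

// Returns true when the hardened resolver refuses the name.
function isRejected(name, baseDir, p) {
  try { safeCommandPath(name, baseDir, p); return false; } catch { return true; }
}

// Constructed sample names, resolved with both POSIX and Windows path rules.
for (const name of ['help', '../../tmp/x', '..\\..\\tmp\\x']) {
  for (const [p, dir] of [[path.posix, POSIX_DIR], [path.win32, WIN_DIR]]) {
    console.log(JSON.stringify(name), '->', unsafeCommandPath(name, dir, p),
      isRejected(name, dir, p) ? '(rejected)' : '(accepted)');
  }
}
```

Under POSIX rules the backslash name stays inside the commands directory, while under Windows rules it resolves outside it, which is why both separators have to be rejected regardless of the platform the check runs on.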