The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade @earendil-works/pi-coding-agent to version 0.79.0 or higher.
@earendil-works/pi-coding-agent is a Coding agent CLI with read, bash, edit, write tools and session management
Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the project resource loading process. An attacker can execute arbitrary code with the same privileges as the user by placing malicious project-local extensions in a repository and convincing a user to start the application from that repository. This is only exploitable if the user opens or works in an attacker-controlled repository and initiates the application there.
This vulnerability can be mitigated by running the application only in trusted repositories or within an external sandbox or isolation boundary when working with untrusted code. Additionally, users can inspect and remove project-local configuration and resources before use, disable extensions and project resources with command-line flags, or enforce trusted or isolated execution as a primary mitigation.