GHSA-2h46-9x5w-4wf7
Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind
Details
### Impact
A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes `entire session resume` or `entire checkpoint rewind` to write attacker-controlled transcript data outside of the expected session directory.
The issue occurs because checkpoint metadata is fetched from the remote `entire/checkpoints/v1` branch and the `SessionID` field was used to construct filesystem paths without validation in the restore path. A malicious `SessionID` containing absolute paths or path traversal sequences could cause arbitrary files on the victim’s machine to be overwritten.
### Patches
The patched versions (`v0.7.7` and `v0.7.8-nightly.*`) validate the `SessionID` before using it and build the target path with traversal-resistant primitives, so the affected commands can only access paths beneath the expected session directory.
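The two paragraphs above describe the bug (an unvalidated `SessionID` from remote checkpoint metadata joined onto a local directory) and the shape of the fix (validate the id, then use traversal-resistant path handling). The following Go code is an added illustration of that pattern and is not Entire CLI's own code: the sessions directory layout, the assumption that the transcript is written to a file named after the session id, the `sessionIDPattern` allowlist and all function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrUnsafeSessionID is returned for an id that is not a plain single-component
// name or that would resolve outside the sessions directory.
var ErrUnsafeSessionID = errors.New("unsafe session id in checkpoint metadata")

// sessionIDPattern is an ASSUMED allowlist for session ids (the real Entire CLI
// format is not stated in the advisory): alphanumeric start, then a bounded run
// of [A-Za-z0-9._-]. A leading dot is refused, so "." and ".." never match.
var sessionIDPattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$`)

// checkpointMeta stands in for the metadata fetched from entire/checkpoints/v1;
// only the field that matters for the bug is modelled here (assumption).
type checkpointMeta struct {
	SessionID string
}

// transcriptPathUnsafe reproduces the pattern the advisory describes: the
// SessionID from remote metadata is joined onto the local sessions directory
// with no validation. filepath.Join only cleans the result lexically, so ".."
// segments walk out of base and the write lands wherever the attacker pointed.
func transcriptPathUnsafe(base, id string) string {
	return filepath.Join(base, id)
}

// transcriptPathSafe is the hardened counterpart. It enforces the allowlist,
// then re-checks the properties the allowlist is supposed to guarantee, and
// finally confirms the cleaned path is still contained in base. The later
// layers exist so that a future relaxation of the pattern cannot silently
// reopen the traversal.
func transcriptPathSafe(base, id string) (string, error) {
	if !sessionIDPattern.MatchString(id) {
		return "", ErrUnsafeSessionID
	}
	// Absolute ids, separators of either flavour, and Windows volume prefixes
	// ("C:" or "C:foo", which IsAbs does not flag) must never reach Join.
	if filepath.IsAbs(id) || filepath.VolumeName(id) != "" || strings.ContainsAny(id, `/\`) {
		return "", ErrUnsafeSessionID
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	full := filepath.Join(absBase, id)
	// Containment check: the path relative to base must not start with "..".
	rel, err := filepath.Rel(absBase, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeSessionID
	}
	return full, nil
}

// restoreTranscript is what a resume/rewind step would call: it refuses unsafe
// ids before touching the filesystem and never writes outside base.
func restoreTranscript(base string, meta checkpointMeta, transcript []byte) error {
	path, err := transcriptPathSafe(base, meta.SessionID)
	if err != nil {
		return fmt.Errorf("refusing checkpoint %q: %w", meta.SessionID, err)
	}
	if err := os.MkdirAll(filepath.Dir(path), 0o700); err != nil {
		return err
	}
	return os.WriteFile(path, transcript, 0o600)
}

func main() {
	base := "/home/alice/.entire/sessions" // constructed victim path
	// Constructed metadata: one honest id and two attacker-crafted ones.
	for _, m := range []checkpointMeta{
		{SessionID: "sess-20240101"},
		{SessionID: "../../.bashrc"},
		{SessionID: "/etc/cron.d/backdoor"},
	} {
		fmt.Printf("unsafe: %-22q -> %s\n", m.SessionID, transcriptPathUnsafe(base, m.SessionID))
		if p, err := transcriptPathSafe(base, m.SessionID); err != nil {
			fmt.Printf("safe:   %-22q -> rejected (%v)\n", m.SessionID, err)
		} else {
			fmt.Printf("safe:   %-22q -> %s\n", m.SessionID, p)
		}
	}
}
```

Note that the allowlist alone would be sufficient here; the explicit `IsAbs`/`VolumeName`/separator checks and the `filepath.Rel` containment test are the "traversal-resistant primitives" layer, kept so that the guarantee does not rest on a single regular expression.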
### Workarounds
If upgrading immediately is not possible:
- Do not run `entire session resume` or `entire checkpoint rewind` on repositories where untrusted users can push to `entire/checkpoints/v1`.
- Restrict push access to shared repositories until all collaborators have upgraded.
- Inspect the `entire/checkpoints/v1` branch for suspicious checkpoint metadata before resuming or rewinding.
- Remove or protect shell initialization files and other sensitive user-writable files where feasible.
These mitigations reduce exposure but do not fully address the vulnerability. Upgrading is recommended.
### Credits
Thanks to Navtej Kathuria for privately reporting this issue to the Entire Security team.
Affected packages
github.com/entireio/cli (Go). Fixed in: 0.7.7 (`go get github.com/entireio/cli@v0.7.7`)