Lucene search

GitHub Advisory DatabaseGHSA-3MRP-QHCJ-MWV5

HistoryMay 24, 2022 - 5:02 p.m.

Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite

2022-05-2417:02:32

CWE-22

GitHub Advisory Database

github.com

3.8 Low

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.3%

JSON

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-6cpc-mj5c-m9rq. This link is maintained to preserve external references.

Original Description

An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable temporary file names in lock_file and log_file, which allows an attacker to overwrite files.

Affected configurations

Vulners

Node

cli_projectcliRange≤0.11.3node.js

CPENameOperatorVersion
clile0.11.3

CPE	Name	Operator	Version
	cli	le	0.11.3

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000021

github.com/advisories/GHSA-3mrp-qhcj-mwv5

github.com/node-js-libs/cli/issues/81

nvd.nist.gov/vuln/detail/CVE-2016-1000021

nvd.nist.gov/vuln/detail/CVE-2016-10538

web.archive.org/web/20190430172230/https://www.npmjs.com/advisories/95