Lucene search

GoogleOSV:CVE-2016-10538

HistoryMay 31, 2018 - 8:29 p.m.

CVE-2016-10538

2018-05-3120:29:01

Google

osv.dev

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

The package node-cli before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

CPENameOperatorVersion
clieq0.11.0
clieq0.6.2
clieq0.7.0
clieq0.11.3
clieq0.6.1
clieq0.6.4
clieq0.11.1
clieq0.6.3
clieq0.6.6
clieq0.7.1

Name	Operator	Version
cli	eq	0.11.0
cli	eq	0.6.2
cli	eq	0.7.0
cli	eq	0.11.3
cli	eq	0.6.1
cli	eq	0.6.4
cli	eq	0.11.1
cli	eq	0.6.3
cli	eq	0.6.6
cli	eq	0.7.1

Rows per page:

1-10 of 171

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252

github.com/node-js-libs/cli/issues/81

nodesecurity.io/advisories/95