4 matches found
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10538. Reason: This candidate is a duplicate of CVE-2016-10538. Notes: All CVE users should reference CVE-2016-10538 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2016-1000021
CVE-2016-1000021 is rejected and not used; reference CVE-2016-10538.
0x00-pl--avg-pack-to-ttf (>=0.0.2 <=0.0.6), 0x00-pl--svg-pack-to-ttf (>=0.0.7 <=0.0.15) +3410 more potentially affected by CVE-2016-10538 via cli (>=0.10.0 <=0.9.0)
cli NPM version =0.10.0, =0.0.2, =0.0.7, =1.2.0, =2.2.4, =2.11.4, =2.0.0, =2.11.4, =3.0.0, =0.1.4, =1.1.0, =0.1.0, =1.0.0, =1.1.0, =1.1.0, =1.1.5 and more Source cves: CVE-2016-10538 Source advisory: OSV:GHSA-6CPC-MJ5C-M9RQ...
CVE-2016-10538
CVE-2016-10538 affects node-cli prior to 1.0.0, where the process insecurely uses temporary files (lock_file and log_file). This design flaw enables the starting user to overwrite arbitrary files they have access to, due to predictable temporary file names. The core issue is the ability to create...