Описание
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-cli | removed | package |
Примечания
https://github.com/node-js-libs/cli/issues/81
https://nodesecurity.io/advisories/95
Связанные уязвимости
CVSS3: 3.5
ubuntu
больше 7 лет назад
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
CVSS3: 3.5
nvd
больше 7 лет назад
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
