CVE-2016-10538

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 3.5

CVSS2: 4.9

EPSS Низкий

Описание

The package node-cli before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

Ссылки

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252
Third Party Advisory
https://github.com/node-js-libs/cli/issues/81
Exploit
Third Party Advisory
https://nodesecurity.io/advisories/95
Exploit
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252
Third Party Advisory
https://github.com/node-js-libs/cli/issues/81
Exploit
Third Party Advisory
https://nodesecurity.io/advisories/95
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cli_project:cli:*:*:*:*:*:node.js:*:*

Версия до 1.0.0 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00317

Низкий

3.5 Low

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-22

CWE-362

Связанные уязвимости

CVE-2016-10538

CVSS3: 3.5

ubuntu

больше 7 лет назад

The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

CVE-2016-10538

CVSS3: 3.5

debian

больше 7 лет назад

The package `node-cli` before 1.0.0 insecurely uses the lock_file and ...

GHSA-6cpc-mj5c-m9rq

github

почти 7 лет назад

Arbitrary File Write in cli

EPSS

Процентиль: 54%

0.00317

Низкий

3.5 Low

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-22

CWE-362