CVE-2016-10538

Опубликовано: 31 мая 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.9

CVSS3: 3.5

Описание

The package node-cli before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needed
cosmic	ignored	end of life
devel	DNE
disco	DNE
eoan	DNE
esm-apps/bionic	needed
esm-apps/xenial	needed
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
esm-infra/focal	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 54%

0.00317

Низкий

4.9 Medium

CVSS2

3.5 Low

CVSS3

Связанные уязвимости

CVE-2016-10538

CVSS3: 3.5

nvd

больше 7 лет назад

The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

CVE-2016-10538

CVSS3: 3.5

debian

больше 7 лет назад

The package `node-cli` before 1.0.0 insecurely uses the lock_file and ...

GHSA-6cpc-mj5c-m9rq

github

почти 7 лет назад

Arbitrary File Write in cli

EPSS

Процентиль: 54%

0.00317

Низкий

4.9 Medium

CVSS2

3.5 Low

CVSS3

CVE-2016-10538

Описание

Пакет node-cli

Ссылки на источники

Связанные уязвимости