| Vulnerable Component Details | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Type | Namespace | Name | Version | Package URL | ||||||||||||||
| npm | @lhci | cli | 0.7.2 | pkg:npm/%40lhci/cli@0.7.2 | ||||||||||||||
| Vulnerability Details | ||||||||||||||||||
| ID | CVE-2016-10538 | |||||||||||||||||
| Description | The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. | |||||||||||||||||
| Recommendation | State: fixed | Fix Versions: 1.0.0 | |||||||||||||||||
| Ratings |
|
|||||||||||||||||
| Related Vulnerabilities | ||||||||||||||||||
| Found By | Anchore Grype | |||||||||||||||||
| References / Advisories | ||||||||||||||||||