CVE-2016-10538

Vulnerable Component Details
| Type | Namespace | Name | Version | Package URL |
| --- | --- | --- | --- | --- |
| npm | @lhci | cli | 0.7.2 | pkg:npm/%40lhci/cli@0.7.2 |
Vulnerability Details
ID: CVE-2016-10538
Description: The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
Recommendation: State: fixed | Fix Versions: 1.0.0
Ratings
| Severity | Score | Method | Vector | Source |
| --- | --- | --- | --- | --- |
| | 4.9 | CVSSv2 | AV:N/AC:M/Au:S/C:N/I:P/A:P | |
| | 3.5 | CVSSv3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | |
Related Vulnerabilities
Found By Anchore Grype
References / Advisories