Home > Vulnerability Database > WS-2016-0036

Mend.io Vulnerability Database

WS-2016-0036

Good to know:

Date: August 16, 2016

The package node-cli insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

Language: Java

Severity Score

7.5

Related Resources (2)

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252

Url: https://www.mend.io/vulnerability-database/WS-2016-0036

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Files or Directories Accessible to External Parties

CWE-552

Top Fix

Upgrade Version

Upgrade to version mfcc/skeleton-application - zf/release-2.0.0beta1;dreamfactory/df-api-docs-ui - 1.1.0;cli - 1.0.0;jadu/pulsar - 1.0.16;adrexia/flowchart - no_fix;adrexia/silverstripe-gumby-theme - 2;org.webjars.bower:FlipClock:no_fix;org.webjars.npm:cli:1.0.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2016-0036

Good to know:

Date: August 16, 2016

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?