CVE-2016-10538

CVE-2016-10538

Vendor Hackerone
Product cli node module
Weakness CWE-22 · Path traversal
Published May 31, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

Key dates

02Disclosure timeline

May 31, 2018 CVE published
September 17, 2024 Record updated