WS-2016-0036 (Low) detected in cli-0.4.3.tgz #3

mend-bolt-for-github · 2019-06-20T13:45:44Z

WS-2016-0036 - Low Severity Vulnerability

Vulnerable Library - cli-0.4.3.tgz

A tool for rapidly building command line apps

Library home page: http://registry.npmjs.org/cli/-/cli-0.4.3.tgz

Path to dependency file: /mockiato/package.json

Path to vulnerable library: /tmp/git/mockiato/node_modules/cli/package.json

Dependency Hierarchy:

fuse-0.4.0.tgz (Root Library)
- jshint-0.9.1.tgz
  - ❌ cli-0.4.3.tgz (Vulnerable Library)

Found in HEAD commit: 58256455490dab5688d1d5d565417330d5c21e41

Vulnerability Details

The package node-cli insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

Publish Date: 2016-06-15

URL: WS-2016-0036

CVSS 2 Score Details (1.9)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: node-js-libs/cli@fd6bc4d

Release Date: 2017-01-31

Fix Resolution: 1.0.0

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jun 20, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2016-0036 (Low) detected in cli-0.4.3.tgz #3

WS-2016-0036 (Low) detected in cli-0.4.3.tgz #3

mend-bolt-for-github bot commented Jun 20, 2019

WS-2016-0036 (Low) detected in cli-0.4.3.tgz #3

WS-2016-0036 (Low) detected in cli-0.4.3.tgz #3

Comments

mend-bolt-for-github bot commented Jun 20, 2019

WS-2016-0036 - Low Severity Vulnerability