CVE-2016-10538

Name of the Vulnerable Software and Affected Versions node-cli versions prior to 1.0.0 cli versions prior to 1.0.0

Description The issue arises from the insecure use of temporary files, specifically lock file and log file, which can be exploited by an attacker to overwrite any file the starting user has access to. This is due to the predictable nature of the temporary file names used by the affected versions of cli. An attacker can create a symbolic link at the location of one of these temporary file names, allowing them to arbitrarily write to any file that the user owning the cli process has permission to write to.

Recommendations For node-cli versions prior to 1.0.0, update to version 1.0.0 or later. For cli versions prior to 1.0.0, update to version 1.0.0 or later.