The package `node-cli` prior to 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cli project cli |
||
debian debian linux 8.0 |