WS-2016-0036 Low Severity Vulnerability detected by WhiteSource #1133
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2016-0036 - Low Severity Vulnerability
cli-0.6.6.tgz
A tool for rapidly building command line apps
path: /FinancialManager/web/assets/vendors/jquery.easy-pie-chart/node_modules/cli/package.json,/FinancialManager/web/assets/vendors/jszip/node_modules/cli/package.json,/tmp/git/FinancialManager/web/assets/vendors/bootstrap/node_modules/cli/package.json,/tmp/git/FinancialManager/web/assets/vendors/select2/node_modules/cli/package.json
Library home page: http://registry.npmjs.org/cli/-/cli-0.6.6.tgz
Dependency Hierarchy:
cli-0.4.3.tgz
A tool for rapidly building command line apps
path: /tmp/git/FinancialManager/web/assets/vendors/Flot/node_modules/cli/package.json
Library home page: http://registry.npmjs.org/cli/-/cli-0.4.3.tgz
Dependency Hierarchy:
The package node-cli insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
Publish Date: 2016-06-15
URL: WS-2016-0036
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: