GMS-2016-34: Arbitrary File Write

June 15, 2016

Node-cli insecurely uses user provided data in the name of it’s lock file and log file. It allows the starting user to overwrite any file they have access to.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252
github.com/node-js-libs/cli/issues/81

Detect and mitigate GMS-2016-34 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →