N/A

CVSS Score

Basic Information

CVE ID

CVE-2016-10538

GHSA ID

GHSA-6cpc-mj5c-m9rq

EPSS Score

0.5418%

CWE

CWE-22

Published

2/18/2019

Updated

1/9/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-10538

CVE-2016-10538: Arbitrary File Write in cli

Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to.

Proof of Concept

By creating Symbolic Links at the following locations, the target of the link can be written to.

lock_file = '/tmp/' + cli.app + '.pid',
log_file = '/tmp/' + cli.app + '.log';

Recommendation

Update to version 1.0.0 or later.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2016-10538

GHSA ID

GHSA-6cpc-mj5c-m9rq

EPSS Score

0.5418%

CWE

CWE-22

Published

2/18/2019

Updated

1/9/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
cli	npm	< 1.0.0	1.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The security patch removes all daemon-related functionality including the cli.daemon method that contained the vulnerable temporary file creation logic. The removed code explicitly shows predictable path construction using /tmp + app name pattern. This matches the CVE description of insecure temporary file handling that enables arbitrary file writes via symlink attacks. The function would appear in profiler traces when daemon operations (start(), stop(), log()) were executed in vulnerable versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* `*li` us* pr**i*t**l* t*mpor*ry *il* n*m*s. I* *n *tt**k*r **n *r**t* * sym*oli* link *t t** lo**tion o* on* o* t**s* t*mpor*rly *il* n*m*s, t** *tt**k*r **n *r*itr*rily writ* to *ny *il* t**t t** us*r w*i** owns t** `*li` pro**s

Reasoning

T** s**urity p*t** r*mov*s *ll ***mon-r*l*t** *un*tion*lity in*lu*in* t** `*li.***mon` m*t*o* t**t *ont*in** t** vuln*r**l* t*mpor*ry *il* *r**tion lo*i*. T** r*mov** *o** *xpli*itly s*ows pr**i*t**l* p*t* *onstru*tion usin* `/tmp` + *pp n*m* p*tt*rn

N/A

Basic Information

Concerned about an active attack path?

CVE-2016-10538: Arbitrary File Write in cli

Proof of Concept

Recommendation

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI