Filtered by vendor Gruntjs
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1537 | 1 Gruntjs | 1 Grunt | 2024-11-21 | 7.0 High |
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. | ||||
CVE-2022-0436 | 1 Gruntjs | 1 Grunt | 2024-11-21 | 5.5 Medium |
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. | ||||
CVE-2020-7729 | 3 Canonical, Debian, Gruntjs | 3 Ubuntu Linux, Debian Linux, Grunt | 2024-11-21 | 7.1 High |
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. |
Page 1 of 1.