Filtered by vendor Gruntjs Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-1537 1 Gruntjs 1 Grunt 2024-11-21 7.0 High
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
CVE-2022-0436 1 Gruntjs 1 Grunt 2024-11-21 5.5 Medium
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
CVE-2020-7729 3 Canonical, Debian, Gruntjs 3 Ubuntu Linux, Debian Linux, Grunt 2024-11-21 7.1 High
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.