Vulnerabilities (CVE)

Filtered by vendor Gruntjs Subscribe
Filtered by product Grunt
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1537 1 Gruntjs 1 Grunt 2023-12-10 6.9 MEDIUM 7.0 HIGH
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
CVE-2022-0436 1 Gruntjs 1 Grunt 2023-12-10 2.1 LOW 5.5 MEDIUM
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
CVE-2020-7729 3 Canonical, Debian, Gruntjs 3 Ubuntu Linux, Debian Linux, Grunt 2023-12-10 4.6 MEDIUM 7.1 HIGH
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.