Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7729 | 3 Canonical, Debian, Gruntjs | 3 Ubuntu Linux, Debian Linux, Grunt | 2022-11-16 | 4.6 MEDIUM | 7.1 HIGH |
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | |||||
CVE-2022-1537 | 1 Gruntjs | 1 Grunt | 2022-05-16 | 6.9 MEDIUM | 7.0 HIGH |
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. | |||||
CVE-2022-0436 | 1 Gruntjs | 1 Grunt | 2022-04-20 | 2.1 LOW | 5.5 MEDIUM |
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. |