RSS   Podatności dla 'Grunt'   RSS

2022-05-10
 
CVE-2022-1537

CWE-367
 

 
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

 
2022-04-12
 
CVE-2022-0436

CWE-22
 

 
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

 
2020-09-03
 
CVE-2020-7729

CWE-1188
 

 
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

 


Copyright 2024, cxsecurity.com

 

Back to Top