Moderate severityNVD Advisory· Published Apr 12, 2022· Updated Aug 2, 2024
Path Traversal in gruntjs/grunt
CVE-2022-0436
Description
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gruntnpm | < 1.5.2 | 1.5.2 |
Affected products
6- osv-coords5 versionspkg:apk/chainguard/code-serverpkg:apk/chainguard/code-server-compatpkg:apk/wolfi/code-serverpkg:apk/wolfi/code-server-compatpkg:npm/grunt
< 0+ 4 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.5.2
- gruntjs/gruntjs/gruntv5Range: unspecified
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-j383-35pm-c5h4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-0436ghsaADVISORY
- github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665ghsaWEB
- github.com/gruntjs/grunt/commit/b0ec6e12426fc8d5720dee1702f6a67455c5986cghsaWEB
- github.com/gruntjs/grunt/pull/1743ghsaWEB
- huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92bghsaWEB
- lists.debian.org/debian-lts-announce/2023/04/msg00008.htmlghsamailing-listWEB
News mentions
0No linked articles in our index yet.