VYPR

npm package

grunt

pkg:npm/grunt

Vulnerabilities (3)

  • CVE-2022-1537 (May 10, 2022)
    affected < 1.5.3; fixed 1.5.3

    file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if

  • CVE-2022-0436 (Apr 12, 2022)
    affected < 1.5.2; fixed 1.5.2

    Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

  • CVE-2020-7729 (Sep 3, 2020)
    affected < 1.3.0; fixed 1.3.0

    The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.