npm package
grunt
pkg:npm/grunt
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1537 | — | | | < 1.5.3 | 1.5.3 | May 10, 2022 | file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if |
| CVE-2022-0436 | — | | | < 1.5.2 | 1.5.2 | Apr 12, 2022 | Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. |
| CVE-2020-7729 | — | | | < 1.3.0 | 1.3.0 | Sep 3, 2020 | The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. |