CVE-2022-0436Path Traversal in Grunt

CWE-22Path Traversal8 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.1
EPSS
0.1%
top 72.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Gruntjs GruntGruntjs Grunt
Timeline
PublishedApr 12
Latest updateFeb 7

Description

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDgruntjs/grunt< 1.5.2
npmgruntjs/grunt< 1.5.2
CVEListV5gruntjs/gruntjs_gruntunspecified1.5.2
Debiangruntjs/grunt< 1.3.0-1+deb11u1+3
Ubuntugruntjs/grunt< 1.0.1-8ubuntu0.1+esm1+2

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

5
OSV
grunt vulnerabilities2023-02-07
GHSA
Path Traversal in Grunt2022-04-13
OSV
Path Traversal in Grunt2022-04-13
OSV
CVE-2022-0436: Path Traversal in GitHub repository gruntjs/grunt prior to 12022-04-12
CVEList
Path Traversal in gruntjs/grunt2022-04-12

📋Vendor Advisories

2
Ubuntu
Grunt vulnerabilities2023-02-07
Debian
CVE-2022-0436: grunt - Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.2022
CVE-2022-0436 — Path Traversal in Gruntjs Grunt | cvebase