Gruntjs Grunt vulnerabilities
3 known vulnerabilities affecting gruntjs/grunt.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2022-1537 | HIGH | CVSS 7.0 | CWE-367 | fixed in 1.5.3 | 2022-05-10
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination dire
ghsa nvd osv
CVE-2022-0436 | MEDIUM | CVSS 5.5 | CWE-22 | fixed in 1.5.2 | 2022-04-12
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
ghsa nvd osv
CVE-2020-7729 | HIGH | CVSS 7.1 | CWE-1188 | fixed in 1.3.0 | ≥ unspecified, < 1.3.0 | 2020-09-03
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
cvelistv5 ghsa nvd osv