CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1537 – file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt
https://notcve.org/view.php?id=CVE-2022-1537
10 May 2022 — file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. Las op... • https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0436 – Path Traversal in gruntjs/grunt
https://notcve.org/view.php?id=CVE-2022-0436
12 Apr 2022 — Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. Un Salto de Ruta en el repositorio de GitHub gruntjs/grunt versiones anteriores a 1.5.2 It was discovered that Grunt was not properly loading YAML files before parsing them. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Grunt was not properly handling symbolic links when performing file copy operations. An attacker could possibly use this issue to expose sensitive information or execute arbitrary ... • https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 2%CPEs: 3EXPL: 1CVE-2020-7729 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2020-7729
03 Sep 2020 — The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. El paquete grunt versiones anteriores a 1.3.0, es vulnerable a una ejecución de código arbitraria debido al uso predeterminado de la función load() en lugar de su reemplazo seguro safeLoad() del paquete js-yaml dentro de grunt.file.readYAML It was discovered that Grunt was not properly loading... • https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249 • CWE-1188: Initialization of a Resource with an Insecure Default •