Lucene search
@huntrdevCVELIST:CVE-2022-1537HistoryMay 10, 2022 - 12:00 a.m.
CVE-2022-1537 file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt
2022-05-1000:00:00
CWE-367
@huntrdev
raw.githubusercontent.com
1
0.0004 Low
EPSS
Percentile
5.2%
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user’s .bashrc file or replace /etc/shadow file if the GruntJS user is root.
Related
nessus
nessus
Debian DLA-3383-1 : grunt - LTS security update
2023-04-05 00:00:00
osv
osv
CVE-2022-1537
2022-05-10 14:15:08
Race Condition in Grunt
2022-05-11 00:01:37
grunt - security update
2023-04-05 00:00:00
redhatcve
redhatcve
CVE-2022-1537
2022-05-11 01:28:49
prion
prion
Race condition
2022-05-10 14:15:00
debian
debian
[SECURITY] [DLA 3383-1] grunt security update
2023-04-05 20:00:49
huntr
huntr
github
github
Race Condition in Grunt
2022-05-11 00:01:37
cve
cve
CVE-2022-1537
2022-05-10 14:15:00
veracode
veracode
Time-of-check To Time-of-Use (TOCTOU)
2022-05-11 13:29:53
openvas
openvas
Debian: Security Advisory (DLA-3383-1)
2023-04-06 00:00:00
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
debiancve
debiancve
CVE-2022-1537
2022-05-10 14:15:00
ubuntucve
ubuntucve
CVE-2022-1537
2022-05-10 00:00:00
ubuntu
ubuntu
Grunt vulnerabilities
2023-02-07 00:00:00
