Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-1537HistoryMay 10, 2022 - 2:15 p.m.
CVE-2022-1537
2022-05-1014:15:00
Debian Security Bug Tracker
security-tracker.debian.org
12
0.0004 Low
EPSS
Percentile
5.2%
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user’s .bashrc file or replace /etc/shadow file if the GruntJS user is root.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | grunt | < 1.5.3-1 | grunt_1.5.3-1_all.deb |
| Debian | 11 | all | grunt | < 1.3.0-1+deb11u2 | grunt_1.3.0-1+deb11u2_all.deb |
| Debian | 10 | all | grunt | < 1.0.1-8+deb10u2 | grunt_1.0.1-8+deb10u2_all.deb |
| Debian | 999 | all | grunt | < 1.5.3-1 | grunt_1.5.3-1_all.deb |
| Debian | 13 | all | grunt | < 1.5.3-1 | grunt_1.5.3-1_all.deb |
Related
nessus
nessus
Debian DLA-3383-1 : grunt - LTS security update
2023-04-05 00:00:00
osv
osv
CVE-2022-1537
2022-05-10 14:15:08
grunt - security update
2023-04-05 00:00:00
Race Condition in Grunt
2022-05-11 00:01:37
redhatcve
redhatcve
CVE-2022-1537
2022-05-11 01:28:49
veracode
veracode
Time-of-check To Time-of-Use (TOCTOU)
2022-05-11 13:29:53
openvas
openvas
Debian: Security Advisory (DLA-3383-1)
2023-04-06 00:00:00
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
prion
prion
Race condition
2022-05-10 14:15:00
huntr
huntr
debian
debian
[SECURITY] [DLA 3383-1] grunt security update
2023-04-05 20:00:49
cvelist
cvelist
cve
cve
CVE-2022-1537
2022-05-10 14:15:00
github
github
Race Condition in Grunt
2022-05-11 00:01:37
ubuntucve
ubuntucve
CVE-2022-1537
2022-05-10 00:00:00
ubuntu
ubuntu
Grunt vulnerabilities
2023-02-07 00:00:00
