Lucene search
GoogleOSV:GHSA-RM36-94G8-835RHistoryMay 11, 2022 - 12:01 a.m.
Race Condition in Grunt
2022-05-1100:01:37
Google
osv.dev
10
gruntjs
vulnerability
github
file write
local privilege escalation
symlink
.bashrc
/etc/shadow
EPSS
0
Percentile
5.1%
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user’s .bashrc file or replace /etc/shadow file if the GruntJS user is root.
Related
nvd
nvd
CVE-2022-1537
2022-05-10 14:15:08
nessus
nessus
Debian DLA-3383-1 : grunt - LTS security update
2023-04-05 00:00:00
veracode
veracode
Time-of-check To Time-of-Use (TOCTOU)
2022-05-11 13:29:53
debiancve
debiancve
CVE-2022-1537
2022-05-10 14:15:08
openvas
openvas
Debian: Security Advisory (DLA-3383-1)
2023-04-06 00:00:00
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
osv
osv
grunt - security update
2023-04-05 00:00:00
CVE-2022-1537
2022-05-10 14:15:08
grunt vulnerabilities
2023-02-07 18:56:35
redhatcve
redhatcve
CVE-2022-1537
2022-05-11 01:28:49
cve
cve
CVE-2022-1537
2022-05-10 14:15:08
cvelist
cvelist
prion
prion
Race condition
2022-05-10 14:15:00
huntr
huntr
debian
debian
[SECURITY] [DLA 3383-1] grunt security update
2023-04-05 20:00:24
github
github
Race Condition in Grunt
2022-05-11 00:01:37
ubuntucve
ubuntucve
CVE-2022-1537
2022-05-10 00:00:00
ubuntu
ubuntu
Grunt vulnerabilities
2023-02-07 00:00:00
