
8 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2022-1537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. Thi...

CVSS 7.8, AI score 7.3, EPSS 0.00296
Exploits: 1, References: 2

OpenVAS
added 2023/04/06 12:0 a.m. (20 views)

Debian: Security Advisory (DLA-3383-1)

The remote host is missing an update for the Debian...

CVSS 7.8, AI score 7.2, EPSS 0.00296
Exploits: 1, References: 3

Tenable Nessus
added 2023/04/05 12:0 a.m. (24 views)

Debian dla-3383 : grunt - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3383 advisory. Debian LTS Advisory DLA-3383-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.8, AI score 7.5, EPSS 0.00296
Exploits: 1, References: 4

OpenVAS
added 2023/02/08 12:0 a.m. (25 views)

Ubuntu: Security Advisory (USN-5847-1)

The remote host is missing an update for the...

CVSS 7.8, AI score 6.4, EPSS 0.02378
Exploits: 3, References: 2

vulnersOsv
added 2022/05/11 12:1 a.m. (0 views)

3d-preview (>=1.0.0 <=1.0.1), 3dviewercomponent (=1.0.0) +2603 more potentially affected by CVE-2022-1537 via grunt (>=0.2.14 <=1.4.1)

grunt NPM version =0.2.14, =1.0.0, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0-alpha1, =0.1.0, =0.4.0, =0.0.9, =0.0.6, =0.12.0-edge9, =0.0.5, =0.0.2, =1.0.1 and more Source cves: CVE-2022-1537 Source advisory: OSV:GHSA-RM36-94G8-835R...

CVSS 7.8, AI score 7.1, EPSS 0.00296
Exploits: 1

UbuntuCve
added 2022/05/10 2:15 p.m. (30 views)

CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

CVSS 7.8, AI score 7.2, EPSS 0.00296
Exploits: 1, References: 4

Cvelist
added 2022/05/10 12:0 a.m. (35 views)

CVE-2022-1537 file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privilege...

CVSS 7.8, AI score 7.2, EPSS 0.00296
Exploits: 1, References: 3

CVE
added 2022/05/10 12:0 a.m. (117 views)

CVE-2022-1537

CVE-2022-1537 (GruntJS) involves a TOCTOU race in file.copy that enables arbitrary file writes in gruntjs/grunt before 1.5.3. An attacker with access to both source and destination directories could leverage a lower-privileged user’s ability to influence file operations (e.g., via a symlink to th...

CVSS 7.8, AI score 7, EPSS 0.00296
Exploits: 1, References: 3, Affected Software: 1