3 matches found
CVE-2022-1537
CVE-2022-1537 (GruntJS) involves a TOCTOU race in file.copy that enables arbitrary file writes in gruntjs/grunt before 1.5.3. An attacker with access to both source and destination directories could leverage a lower-privileged user’s ability to influence file operations (e.g., via a symlink to th...
CVE-2020-7729
Summary: CVE-2020-7729 affects the grunt package due to insecure YAML loading via js-yaml in grunt.file.readYAML, allowing arbitrary code execution. The issue is triggered by using load() instead of safeLoad(). The vulnerability is discussed across multiple sources, including npm advisory, Ubuntu...
CVE-2022-0436
CVE-2022-0436 describes a path traversal in gruntjs/grunt prior to 1.5.2. Connected advisories confirm Grunt’s vulnerability lies in filesystem path handling (notably in copy/IO paths), enabling a local attacker to traverse directories and read/write files. Affected product: Grunt (GruntJS task r...