Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5847-1
HistoryFeb 07, 2023 - 12:00 a.m.

Grunt vulnerabilities

2023-02-0700:00:00
ubuntu.com
22

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.1%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • grunt - JavaScript task runner/build system/maintainer tool

Details

It was discovered that Grunt was not properly loading YAML files before
parsing them. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2020-7729)

It was discovered that Grunt was not properly handling symbolic links
when performing file copy operations. An attacker could possibly use this
issue to expose sensitive information or execute arbitrary code.
(CVE-2022-0436)

It was discovered that there was a race condition in the Grunt file copy
function, which could lead to an arbitrary file write. An attacker could
possibly use this issue to perform a local privilege escalation attack or
to execute arbitrary code. (CVE-2022-1537)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchgrunt< 1.4.1-2ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchgrunt< 1.4.1-2UNKNOWN
Ubuntu20.04noarchgrunt< 1.0.4-2ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchgrunt< 1.0.4-2UNKNOWN
Ubuntu18.04noarchgrunt< 1.0.1-8ubuntu0.1+esm1UNKNOWN
Ubuntu18.04noarchgrunt< 1.0.1-8ubuntu0.1UNKNOWN

Related

nessus 5
osv 11
openvas 5
ubuntucve 3
debiancve 3
nodejs 1
cve 3
debian 3
prion 3
veracode 3
ubuntu 1
github 3
redhatcve 1
huntr 2
ibm 2
nessus
nessus
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : Grunt vulnerabilities (USN-5847-1)
2023-02-07 00:00:00
Debian DLA-2368-1 : grunt security update
2020-09-10 00:00:00
Ubuntu 18.04 LTS : Grunt vulnerability (USN-4595-1)
2020-10-20 00:00:00
osv
osv
grunt vulnerabilities
2023-02-07 18:56:35
grunt - security update
2020-09-09 00:00:00
Arbitrary Code Execution in grunt
2021-05-06 18:27:18
openvas
openvas
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
Debian: Security Advisory (DLA-2368-1)
2020-09-10 00:00:00
Ubuntu: Security Advisory (USN-4595-1)
2020-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2022-1537
2022-05-10 00:00:00
CVE-2020-7729
2020-09-03 00:00:00
CVE-2022-0436
2022-04-12 00:00:00
debiancve
debiancve
CVE-2020-7729
2020-09-03 09:15:00
CVE-2022-0436
2022-04-12 21:15:00
CVE-2022-1537
2022-05-10 14:15:00
nodejs
nodejs
Arbitrary Code Execution in grunt
2021-05-06 18:28:27
cve
cve
CVE-2020-7729
2020-09-03 09:15:00
CVE-2022-0436
2022-04-12 21:15:00
CVE-2022-1537
2022-05-10 14:15:00
debian
debian
[SECURITY] [DLA 2368-1] grunt security update
2020-09-09 11:38:48
[SECURITY] [DLA 3386-1] grunt security update
2023-04-06 13:00:18
[SECURITY] [DLA 3383-1] grunt security update
2023-04-05 20:00:24
prion
prion
Code injection
2020-09-03 09:15:00
Race condition
2022-05-10 14:15:00
Path traversal
2022-04-12 21:15:00
veracode
veracode
Arbtirary Code Execution
2020-08-26 03:48:47
Path Traversal
2022-04-13 01:39:33
Time-of-check To Time-of-Use (TOCTOU)
2022-05-11 13:29:53
ubuntu
ubuntu
Grunt vulnerability
2020-10-20 00:00:00
github
github
Arbitrary Code Execution in grunt
2021-05-06 18:27:18
Path Traversal in Grunt
2022-04-13 00:00:16
Race Condition in Grunt
2022-05-11 00:01:37
redhatcve
redhatcve
CVE-2022-1537
2022-05-11 01:28:49
huntr
huntr
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write
2022-04-12 16:15:32
Path Traversal in gruntjs/grunt
2022-01-26 05:17:28
ibm
ibm
Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform
2023-02-17 15:44:51
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance
2023-06-30 05:54:20

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.1%

JSON
Related for USN-5847-1
nessus5osv11openvas5ubuntucve3debiancve3nodejs1cve3debian3prion3veracode3ubuntu1github3redhatcve1huntr2ibm2