Product:

Grunt

(Gruntjs)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date Id Summary Products Score Patch Annotated
2020-09-03 CVE-2020-7729 The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. Ubuntu_linux, Debian_linux, Grunt 7.1
2022-05-10 CVE-2022-1537 file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. Grunt 7.0
2022-04-12 CVE-2022-0436 Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. Grunt 5.5