Lucene search
GoogleOSV:CVE-2022-1537HistoryMay 10, 2022 - 2:15 p.m.
CVE-2022-1537
2022-05-1014:15:08
Google
osv.dev
7
gruntjs
vulnerability
arbitrary file write
local privilege escalation
toctou race condition
github repository
EPSS
0
Percentile
5.1%
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user’s .bashrc file or replace /etc/shadow file if the GruntJS user is root.
Related
nessus
nessus
Debian DLA-3383-1 : grunt - LTS security update
2023-04-05 00:00:00
nvd
nvd
CVE-2022-1537
2022-05-10 14:15:08
osv
osv
grunt - security update
2023-04-05 00:00:00
Race Condition in Grunt
2022-05-11 00:01:37
grunt vulnerabilities
2023-02-07 18:56:35
openvas
openvas
Debian: Security Advisory (DLA-3383-1)
2023-04-06 00:00:00
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
debiancve
debiancve
CVE-2022-1537
2022-05-10 14:15:08
veracode
veracode
Time-of-check To Time-of-Use (TOCTOU)
2022-05-11 13:29:53
redhatcve
redhatcve
CVE-2022-1537
2022-05-11 01:28:49
huntr
huntr
prion
prion
Race condition
2022-05-10 14:15:00
debian
debian
[SECURITY] [DLA 3383-1] grunt security update
2023-04-05 20:00:24
cve
cve
CVE-2022-1537
2022-05-10 14:15:08
cvelist
cvelist
github
github
Race Condition in Grunt
2022-05-11 00:01:37
ubuntucve
ubuntucve
CVE-2022-1537
2022-05-10 00:00:00
ubuntu
ubuntu
Grunt vulnerabilities
2023-02-07 00:00:00
