Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5847-1
HistoryFeb 07, 2023 - 6:56 p.m.

grunt vulnerabilities

2023-02-0718:56:35
Google
osv.dev
8
grunt
arbitrary code execution
sensitive information exposure
cve-2020-7729
cve-2022-0436
cve-2022-1537
race condition

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.009

Percentile

82.3%

JSON

It was discovered that Grunt was not properly loading YAML files before
parsing them. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2020-7729)

It was discovered that Grunt was not properly handling symbolic links
when performing file copy operations. An attacker could possibly use this
issue to expose sensitive information or execute arbitrary code.
(CVE-2022-0436)

It was discovered that there was a race condition in the Grunt file copy
function, which could lead to an arbitrary file write. An attacker could
possibly use this issue to perform a local privilege escalation attack or
to execute arbitrary code. (CVE-2022-1537)

Related

ubuntu 2
nessus 5
openvas 5
ubuntucve 3
debiancve 3
osv 10
debian 3
nodejs 1
cve 3
prion 3
nvd 3
veracode 3
github 3
cvelist 3
redhatcve 1
huntr 2
ibm 2
ubuntu
ubuntu
Grunt vulnerabilities
2023-02-07 00:00:00
Grunt vulnerability
2020-10-20 00:00:00
nessus
nessus
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : Grunt vulnerabilities (USN-5847-1)
2023-02-07 00:00:00
Debian DLA-2368-1 : grunt security update
2020-09-10 00:00:00
Ubuntu 18.04 LTS : Grunt vulnerability (USN-4595-1)
2020-10-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
Debian: Security Advisory (DLA-2368-1)
2020-09-10 00:00:00
Ubuntu: Security Advisory (USN-4595-1)
2020-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2022-1537
2022-05-10 00:00:00
CVE-2020-7729
2020-09-03 00:00:00
CVE-2022-0436
2022-04-12 00:00:00
debiancve
debiancve
CVE-2020-7729
2020-09-03 09:15:10
CVE-2022-0436
2022-04-12 21:15:07
CVE-2022-1537
2022-05-10 14:15:08
osv
osv
grunt - security update
2020-09-09 00:00:00
Arbitrary Code Execution in grunt
2021-05-06 18:27:18
grunt vulnerability
2020-10-20 20:49:50
debian
debian
[SECURITY] [DLA 2368-1] grunt security update
2020-09-09 11:38:48
[SECURITY] [DLA 3386-1] grunt security update
2023-04-06 13:00:18
[SECURITY] [DLA 3383-1] grunt security update
2023-04-05 20:00:24
nodejs
nodejs
Arbitrary Code Execution in grunt
2021-05-06 18:28:27
cve
cve
CVE-2020-7729
2020-09-03 09:15:10
CVE-2022-0436
2022-04-12 21:15:07
CVE-2022-1537
2022-05-10 14:15:08
prion
prion
Code injection
2020-09-03 09:15:00
Race condition
2022-05-10 14:15:00
Path traversal
2022-04-12 21:15:00
nvd
nvd
CVE-2020-7729
2020-09-03 09:15:10
CVE-2022-1537
2022-05-10 14:15:08
CVE-2022-0436
2022-04-12 21:15:07
veracode
veracode
Arbtirary Code Execution
2020-08-26 03:48:47
Time-of-check To Time-of-Use (TOCTOU)
2022-05-11 13:29:53
Path Traversal
2022-04-13 01:39:33
github
github
Arbitrary Code Execution in grunt
2021-05-06 18:27:18
Race Condition in Grunt
2022-05-11 00:01:37
Path Traversal in Grunt
2022-04-13 00:00:16
cvelist
cvelist
CVE-2020-7729 Arbitrary Code Execution
2020-09-03 09:00:15
CVE-2022-0436 Path Traversal in gruntjs/grunt
2022-04-12 00:00:00
CVE-2022-1537 file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt
2022-05-10 00:00:00
redhatcve
redhatcve
CVE-2022-1537
2022-05-11 01:28:49
huntr
huntr
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write
2022-04-12 16:15:32
Path Traversal in gruntjs/grunt
2022-01-26 05:17:28
ibm
ibm
Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform
2023-02-17 15:44:51
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance
2023-06-30 05:54:20

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.009

Percentile

82.3%

JSON
Related for OSV:USN-5847-1
ubuntu2nessus5openvas5ubuntucve3debiancve3osv10debian3nodejs1cve3prion3nvd3veracode3github3cvelist3redhatcve1huntr2ibm2