EPSS
Percentile
21.9%
grunt is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of input via the file.copy function allowing an attacker with write access to access restricted directory via a malicious symlink.
file.copy
github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b/
lists.debian.org/debian-lts-announce/2023/04/msg00008.html