Lucene search
Veracode Vulnerability DatabaseVERACODE:35475HistoryMay 11, 2022 - 1:29 p.m.
Time-of-check To Time-of-Use (TOCTOU)
2022-05-1113:29:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
28
toctou
vulnerability
file.copy
file.js
permissions
attacker
arbitrary files
software
EPSS
0
Percentile
5.1%
grunt is vulnerable to Time-of-check To Time-of-Use (TOCTOU). The vulnerability exists in file.copy function in file.js because the permissions are not properly handled in both source and destination directories which allows an attacker to access and write arbitrary files.
References
github.com/advisories/GHSA-rm36-94g8-835r
github.com/gruntjs/grunt/blob/main/lib/grunt/file.js#L297L300
github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
github.com/gruntjs/grunt/pull/1745
huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d
huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/
lists.debian.org/debian-lts-announce/2023/04/msg00006.html
Related
nessus
nessus
Debian DLA-3383-1 : grunt - LTS security update
2023-04-05 00:00:00
nvd
nvd
CVE-2022-1537
2022-05-10 14:15:08
redhatcve
redhatcve
CVE-2022-1537
2022-05-11 01:28:49
osv
osv
CVE-2022-1537
2022-05-10 14:15:08
grunt - security update
2023-04-05 00:00:00
Race Condition in Grunt
2022-05-11 00:01:37
openvas
openvas
Debian: Security Advisory (DLA-3383-1)
2023-04-06 00:00:00
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
debiancve
debiancve
CVE-2022-1537
2022-05-10 14:15:08
huntr
huntr
debian
debian
[SECURITY] [DLA 3383-1] grunt security update
2023-04-05 20:00:24
prion
prion
Race condition
2022-05-10 14:15:00
cve
cve
CVE-2022-1537
2022-05-10 14:15:08
cvelist
cvelist
github
github
Race Condition in Grunt
2022-05-11 00:01:37
ubuntucve
ubuntucve
CVE-2022-1537
2022-05-10 00:00:00
ubuntu
ubuntu
Grunt vulnerabilities
2023-02-07 00:00:00
