Grunt
CVE-2022-1537
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 11 npm packages depend on grunt (9 direct, 2 indirect)
Ecosystem-wide dependent count for version 1.5.3.
DescriptionNVD
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
AnalysisAI
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. Rated high severity (CVSS 7.0). Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-367. file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. Affected products include: Gruntjs Grunt. Version information: prior to 1.5.3..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load(
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability i
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today