Skip to main content

Grunt

3 CVEs product

Monthly

CVE-2022-1537 npm HIGH POC PATCH This Week

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Grunt
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-0436 npm MEDIUM POC PATCH This Month

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Grunt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-7729 npm HIGH POC PATCH This Week

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

RCE Grunt Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Grunt
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Grunt
NVD GitHub
EPSS 2% CVSS 7.1
HIGH POC PATCH This Week

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

RCE Grunt Debian Linux +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy