NodeJS/grunt/0.3.16
The JavaScript Task Runner
https://www.npmjs.com/package/grunt
MIT
3 Security Vulnerabilities
Path Traversal in Grunt
- https://nvd.nist.gov/vuln/detail/CVE-2022-0436
- https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
- https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
- https://github.com/gruntjs/grunt/pull/1743
- https://github.com/gruntjs/grunt/commit/b0ec6e12426fc8d5720dee1702f6a67455c5986c
- https://github.com/advisories/GHSA-j383-35pm-c5h4
- https://lists.debian.org/debian-lts-announce/2023/04/msg00008.html
Grunt prior to version 1.5.2 is vulnerable to path traversal.
Arbitrary Code Execution in grunt
- https://nvd.nist.gov/vuln/detail/CVE-2020-7729
- https://github.com/advisories/GHSA-m5pj-vjjf-4m3h
- https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
- https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249
- https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922
- https://snyk.io/vuln/SNYK-JS-GRUNT-597546
- https://usn.ubuntu.com/4595-1/
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
Race Condition in Grunt
- https://nvd.nist.gov/vuln/detail/CVE-2022-1537
- https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
- https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d
- https://github.com/advisories/GHSA-rm36-94g8-835r
- https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
71 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
1.6.1 | MIT | 2023-01-31 - 15:11 | over 1 year | |
1.6.0 | MIT | 2023-01-29 - 01:40 | over 1 year | |
1.5.3 | MIT | 2022-05-10 - 12:06 | almost 2 years | |
1.5.2 | MIT | 1 | 2022-04-12 - 11:58 | about 2 years |
1.5.1 | MIT | 2 | 2022-04-11 - 15:17 | about 2 years |
1.5.0 | MIT | 2 | 2022-04-11 - 03:27 | about 2 years |
1.4.1 | MIT | 2 | 2021-05-24 - 14:25 | almost 3 years |
1.4.0 | MIT | 2 | 2021-04-22 - 15:30 | about 3 years |
1.3.0 | MIT | 2 | 2020-08-18 - 19:48 | over 3 years |
1.2.1 | MIT | 3 | 2020-07-07 - 14:27 | almost 4 years |
1.2.0 | MIT | 3 | 2020-07-03 - 18:00 | almost 4 years |
1.1.0 | MIT | 3 | 2020-03-17 - 02:37 | about 4 years |
1.0.4 | MIT | 3 | 2019-03-22 - 18:50 | about 5 years |
1.0.3 | MIT | 3 | 2018-06-04 - 00:25 | almost 6 years |
1.0.2 | MIT | 3 | 2018-02-07 - 21:43 | about 6 years |
1.0.1 | MIT | 3 | 2016-04-05 - 18:16 | about 8 years |
1.0.0 | MIT | 3 | 2016-04-04 - 23:26 | about 8 years |
1.0.0-rc1 | MIT | 3 | 2016-02-11 - 18:06 | about 8 years |
0.4.5 | MIT | 3 | 2014-05-12 - 17:45 | almost 10 years |
0.4.4 | MIT | 3 | 2014-03-12 - 20:28 | about 10 years |
0.4.3 | MIT | 3 | 2014-03-07 - 22:00 | about 10 years |
0.4.2 | MIT | 3 | 2013-11-21 - 20:52 | over 10 years |
0.4.1 | MIT | 3 | 2013-03-13 - 14:17 | about 11 years |
0.4.0 | MIT | 3 | 2013-02-18 - 17:27 | about 11 years |
0.4.0-a | MIT | 3 | 2012-12-05 - 15:23 | over 11 years |
0.4.0-rc8 | MIT | 3 | 2013-02-14 - 01:07 | about 11 years |
0.4.0-rc7 | MIT | 3 | 2013-01-21 - 21:31 | over 11 years |
0.4.0-rc6 | MIT | 3 | 2013-01-18 - 15:53 | over 11 years |
0.4.0-rc5 | MIT | 3 | 2013-01-09 - 19:24 | over 11 years |
0.4.0-rc4 | MIT | 3 | 2012-12-17 - 22:17 | over 11 years |
0.4.0-rc3 | MIT | 3 | 2012-12-12 - 23:08 | over 11 years |
0.4.0-rc2 | MIT | 3 | 2012-12-10 - 20:51 | over 11 years |
0.4.0-rc1 | MIT | 3 | 2012-12-07 - 21:38 | over 11 years |
0.3.17 | MIT | 3 | 2012-10-15 - 20:44 | over 11 years |
0.3.16 | MIT | 3 | 2012-10-02 - 19:43 | over 11 years |
0.3.15 | MIT | 3 | 2012-09-04 - 18:29 | over 11 years |
0.3.14 | MIT | 3 | 2012-08-29 - 20:55 | over 11 years |
0.3.13 | MIT | 3 | 2012-08-27 - 18:01 | over 11 years |
0.3.13-a | MIT | 3 | 2012-08-27 - 17:14 | over 11 years |
0.3.12 | MIT | 3 | 2012-07-30 - 21:20 | almost 12 years |
0.3.11 | MIT | 3 | 2012-06-29 - 18:28 | almost 12 years |
0.3.10 | MIT | 3 | 2012-06-25 - 19:46 | almost 12 years |
0.3.9 | MIT | 3 | 2012-04-18 - 12:53 | about 12 years |
0.3.8 | MIT | 3 | 2012-04-06 - 19:26 | about 12 years |
0.3.7 | MIT | 3 | 2012-04-01 - 15:09 | about 12 years |
0.3.6 | MIT | 3 | 2012-03-29 - 03:15 | about 12 years |
0.3.5 | MIT | 3 | 2012-03-28 - 02:04 | about 12 years |
0.3.4 | MIT | 3 | 2012-03-27 - 01:36 | about 12 years |
0.3.3 | MIT | 3 | 2012-03-27 - 00:07 | about 12 years |
0.3.2 | MIT | 3 | 2012-03-26 - 02:24 | about 12 years |
0.3.1 | MIT | 3 | 2012-03-25 - 18:25 | about 12 years |
0.3.0 | MIT | 3 | 2012-03-23 - 19:58 | about 12 years |
0.2.15 | MIT | 3 | 2012-02-07 - 21:50 | about 12 years |
0.2.14 | MIT | 3 | 2012-02-03 - 13:48 | about 12 years |
0.2.13 | MIT | 3 | 2012-02-02 - 00:42 | over 12 years |
0.2.12 | MIT | 3 | 2012-02-01 - 19:26 | over 12 years |
0.2.11 | MIT | 3 | 2012-02-01 - 04:16 | over 12 years |
0.2.10 | MIT | 3 | 2012-02-01 - 02:10 | over 12 years |
0.2.9 | MIT | 3 | 2012-01-31 - 14:10 | over 12 years |
0.2.8 | MIT | 3 | 2012-01-30 - 21:56 | over 12 years |
0.2.7 | MIT | 3 | 2012-01-30 - 19:51 | over 12 years |
0.2.6 | MIT | 3 | 2012-01-30 - 03:35 | over 12 years |
0.2.5 | MIT | 3 | 2012-01-29 - 22:19 | over 12 years |
0.2.4 | MIT | 3 | 2012-01-23 - 22:51 | over 12 years |
0.2.3 | MIT | 3 | 2012-01-23 - 22:01 | over 12 years |
0.2.2 | MIT | 3 | 2012-01-23 - 01:53 | over 12 years |
0.2.1 | MIT | 3 | 2012-01-23 - 01:30 | over 12 years |
0.2.0 | MIT | 3 | 2012-01-22 - 17:32 | over 12 years |
0.1.2 | MIT | 3 | 2012-01-19 - 15:25 | over 12 years |
0.1.1 | MIT | 3 | 2012-01-19 - 15:01 | over 12 years |
0.1.0 | MIT | 3 | 2012-01-12 - 13:08 | over 12 years |