NodeJS/grunt/0.3.6


The JavaScript Task Runner

https://www.npmjs.com/package/grunt
MIT

3 Security Vulnerabilities

Path Traversal in Grunt

Published date: 2022-04-13T00:00:16Z
CVE: CVE-2022-0436

Grunt prior to version 1.5.2 is vulnerable to path traversal.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.3.10", "0.3.11", "0.3.12", "0.3.13", "0.3.14", "0.3.15", "0.3.16", "0.3.17", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.4.5", "1.0.0-rc1", "1.0.0", "1.0.1", "0.3.13-a", "0.4.0-a", "0.4.0-rc1", "0.4.0-rc2", "0.4.0-rc3", "0.4.0-rc4", "0.4.0-rc5", "0.4.0-rc6", "0.4.0-rc7", "0.4.0-rc8", "1.0.2", "1.0.3", "1.0.4", "1.1.0", "1.2.0", "1.2.1", "1.3.0", "1.4.0", "1.4.1", "1.5.0", "1.5.1"]
Secure versions: [1.5.3, 1.6.0, 1.6.1]
Recommendation: Update to version 1.6.1.

Arbitrary Code Execution in grunt

Published date: 2021-05-06T18:27:18Z
CVE: CVE-2020-7729

The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution because grunt.file.readYAML uses the js-yaml function load() by default instead of its secure replacement, safeLoad().

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.3.10", "0.3.11", "0.3.12", "0.3.13", "0.3.14", "0.3.15", "0.3.16", "0.3.17", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.4.5", "1.0.0-rc1", "1.0.0", "1.0.1", "0.3.13-a", "0.4.0-a", "0.4.0-rc1", "0.4.0-rc2", "0.4.0-rc3", "0.4.0-rc4", "0.4.0-rc5", "0.4.0-rc6", "0.4.0-rc7", "0.4.0-rc8", "1.0.2", "1.0.3", "1.0.4", "1.1.0", "1.2.0", "1.2.1"]
Secure versions: [1.5.3, 1.6.0, 1.6.1]
Recommendation: Update to version 1.6.1.

Race Condition in Grunt

Published date: 2022-05-11T00:01:37Z
CVE: CVE-2022-1537

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. The arbitrary file write can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both the source and destination directories: the lower-privileged user can create a symlink to the GruntJS user's .bashrc file, or replace the /etc/shadow file if the GruntJS user is root.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.3.10", "0.3.11", "0.3.12", "0.3.13", "0.3.14", "0.3.15", "0.3.16", "0.3.17", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.4.5", "1.0.0-rc1", "1.0.0", "1.0.1", "0.3.13-a", "0.4.0-a", "0.4.0-rc1", "0.4.0-rc2", "0.4.0-rc3", "0.4.0-rc4", "0.4.0-rc5", "0.4.0-rc6", "0.4.0-rc7", "0.4.0-rc8", "1.0.2", "1.0.3", "1.0.4", "1.1.0", "1.2.0", "1.2.1", "1.3.0", "1.4.0", "1.4.1", "1.5.0", "1.5.1", "1.5.2"]
Secure versions: [1.5.3, 1.6.0, 1.6.1]
Recommendation: Update to version 1.6.1.

71 Other Versions

Version License Security Released
1.6.1 MIT 2023-01-31 - 15:11 about 1 year
1.6.0 MIT 2023-01-29 - 01:40 about 1 year
1.5.3 MIT 2022-05-10 - 12:06 almost 2 years
1.5.2 MIT 1 2022-04-12 - 11:58 almost 2 years
1.5.1 MIT 2 2022-04-11 - 15:17 almost 2 years
1.5.0 MIT 2 2022-04-11 - 03:27 almost 2 years
1.4.1 MIT 2 2021-05-24 - 14:25 almost 3 years
1.4.0 MIT 2 2021-04-22 - 15:30 almost 3 years
1.3.0 MIT 2 2020-08-18 - 19:48 over 3 years
1.2.1 MIT 3 2020-07-07 - 14:27 over 3 years
1.2.0 MIT 3 2020-07-03 - 18:00 over 3 years
1.1.0 MIT 3 2020-03-17 - 02:37 about 4 years
1.0.4 MIT 3 2019-03-22 - 18:50 about 5 years
1.0.3 MIT 3 2018-06-04 - 00:25 almost 6 years
1.0.2 MIT 3 2018-02-07 - 21:43 about 6 years
1.0.1 MIT 3 2016-04-05 - 18:16 almost 8 years
1.0.0 MIT 3 2016-04-04 - 23:26 almost 8 years
1.0.0-rc1 MIT 3 2016-02-11 - 18:06 about 8 years
0.4.5 MIT 3 2014-05-12 - 17:45 almost 10 years
0.4.4 MIT 3 2014-03-12 - 20:28 about 10 years
0.4.3 MIT 3 2014-03-07 - 22:00 about 10 years
0.4.2 MIT 3 2013-11-21 - 20:52 over 10 years
0.4.1 MIT 3 2013-03-13 - 14:17 about 11 years
0.4.0 MIT 3 2013-02-18 - 17:27 about 11 years
0.4.0-a MIT 3 2012-12-05 - 15:23 over 11 years
0.4.0-rc8 MIT 3 2013-02-14 - 01:07 about 11 years
0.4.0-rc7 MIT 3 2013-01-21 - 21:31 about 11 years
0.4.0-rc6 MIT 3 2013-01-18 - 15:53 about 11 years
0.4.0-rc5 MIT 3 2013-01-09 - 19:24 about 11 years
0.4.0-rc4 MIT 3 2012-12-17 - 22:17 over 11 years
0.4.0-rc3 MIT 3 2012-12-12 - 23:08 over 11 years
0.4.0-rc2 MIT 3 2012-12-10 - 20:51 over 11 years
0.4.0-rc1 MIT 3 2012-12-07 - 21:38 over 11 years
0.3.17 MIT 3 2012-10-15 - 20:44 over 11 years
0.3.16 MIT 3 2012-10-02 - 19:43 over 11 years
0.3.15 MIT 3 2012-09-04 - 18:29 over 11 years
0.3.14 MIT 3 2012-08-29 - 20:55 over 11 years
0.3.13 MIT 3 2012-08-27 - 18:01 over 11 years
0.3.13-a MIT 3 2012-08-27 - 17:14 over 11 years
0.3.12 MIT 3 2012-07-30 - 21:20 over 11 years
0.3.11 MIT 3 2012-06-29 - 18:28 over 11 years
0.3.10 MIT 3 2012-06-25 - 19:46 almost 12 years
0.3.9 MIT 3 2012-04-18 - 12:53 almost 12 years
0.3.8 MIT 3 2012-04-06 - 19:26 almost 12 years
0.3.7 MIT 3 2012-04-01 - 15:09 almost 12 years
0.3.6 MIT 3 2012-03-29 - 03:15 almost 12 years
0.3.5 MIT 3 2012-03-28 - 02:04 about 12 years
0.3.4 MIT 3 2012-03-27 - 01:36 about 12 years
0.3.3 MIT 3 2012-03-27 - 00:07 about 12 years
0.3.2 MIT 3 2012-03-26 - 02:24 about 12 years
0.3.1 MIT 3 2012-03-25 - 18:25 about 12 years
0.3.0 MIT 3 2012-03-23 - 19:58 about 12 years
0.2.15 MIT 3 2012-02-07 - 21:50 about 12 years
0.2.14 MIT 3 2012-02-03 - 13:48 about 12 years
0.2.13 MIT 3 2012-02-02 - 00:42 about 12 years
0.2.12 MIT 3 2012-02-01 - 19:26 about 12 years
0.2.11 MIT 3 2012-02-01 - 04:16 about 12 years
0.2.10 MIT 3 2012-02-01 - 02:10 about 12 years
0.2.9 MIT 3 2012-01-31 - 14:10 about 12 years
0.2.8 MIT 3 2012-01-30 - 21:56 about 12 years
0.2.7 MIT 3 2012-01-30 - 19:51 about 12 years
0.2.6 MIT 3 2012-01-30 - 03:35 about 12 years
0.2.5 MIT 3 2012-01-29 - 22:19 about 12 years
0.2.4 MIT 3 2012-01-23 - 22:51 about 12 years
0.2.3 MIT 3 2012-01-23 - 22:01 about 12 years
0.2.2 MIT 3 2012-01-23 - 01:53 about 12 years
0.2.1 MIT 3 2012-01-23 - 01:30 about 12 years
0.2.0 MIT 3 2012-01-22 - 17:32 about 12 years
0.1.2 MIT 3 2012-01-19 - 15:25 about 12 years
0.1.1 MIT 3 2012-01-19 - 15:01 about 12 years
0.1.0 MIT 3 2012-01-12 - 13:08 about 12 years