NodeJS/grunt/1.5.1

The JavaScript Task Runner

https://www.npmjs.com/package/grunt
MIT

2 Security Vulnerabilities

Path Traversal in Grunt

Published date: 2022-04-13T00:00:16Z
CVE: CVE-2022-0436
Links:

Grunt prior to version 1.5.2 is vulnerable to path traversal.

Affected versions: ["0.1.0", "0.1.2", "0.2.0", "0.2.1", "0.2.2", "0.2.6", "0.2.12", "0.2.15", "0.3.0", "0.3.1", "0.3.2", "0.3.6", "0.3.11", "0.3.13", "0.3.15", "0.3.16", "0.3.17", "0.4.1", "0.4.4", "0.4.5", "1.0.0", "0.3.13-a", "0.4.0-rc5", "0.4.0-rc6", "0.4.0-rc8", "1.0.2", "1.1.0", "1.2.0", "1.2.1", "0.1.1", "0.2.3", "0.2.4", "0.2.5", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.13", "0.2.14", "0.3.3", "0.3.4", "0.3.5", "0.3.7", "0.3.8", "0.3.9", "0.3.10", "0.3.12", "0.3.14", "0.4.0", "0.4.2", "0.4.3", "1.0.0-rc1", "1.0.1", "0.4.0-a", "0.4.0-rc1", "0.4.0-rc2", "0.4.0-rc3", "0.4.0-rc4", "0.4.0-rc7", "1.0.3", "1.0.4", "1.3.0", "1.4.0", "1.4.1", "1.5.0", "1.5.1"]
Secure versions: [1.5.3, 1.6.0, 1.6.1]
Recommendation: Update to version 1.6.1.

Race Condition in Grunt

Published date: 2022-05-11T00:01:37Z
CVE: CVE-2022-1537
Links:

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

Affected versions: ["0.1.0", "0.1.2", "0.2.0", "0.2.1", "0.2.2", "0.2.6", "0.2.12", "0.2.15", "0.3.0", "0.3.1", "0.3.2", "0.3.6", "0.3.11", "0.3.13", "0.3.15", "0.3.16", "0.3.17", "0.4.1", "0.4.4", "0.4.5", "1.0.0", "0.3.13-a", "0.4.0-rc5", "0.4.0-rc6", "0.4.0-rc8", "1.0.2", "1.1.0", "1.2.0", "1.2.1", "0.1.1", "0.2.3", "0.2.4", "0.2.5", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.13", "0.2.14", "0.3.3", "0.3.4", "0.3.5", "0.3.7", "0.3.8", "0.3.9", "0.3.10", "0.3.12", "0.3.14", "0.4.0", "0.4.2", "0.4.3", "1.0.0-rc1", "1.0.1", "0.4.0-a", "0.4.0-rc1", "0.4.0-rc2", "0.4.0-rc3", "0.4.0-rc4", "0.4.0-rc7", "1.0.3", "1.0.4", "1.3.0", "1.4.0", "1.4.1", "1.5.0", "1.5.1", "1.5.2"]
Secure versions: [1.5.3, 1.6.0, 1.6.1]
Recommendation: Update to version 1.6.1.

71 Other Versions

Version License Security Released
0.3.1 MIT 3 2012-03-25 - 18:25 over 13 years
0.3.0 MIT 3 2012-03-23 - 19:58 over 13 years
0.2.15 MIT 3 2012-02-07 - 21:50 over 13 years
0.2.14 MIT 3 2012-02-03 - 13:48 over 13 years
0.2.13 MIT 3 2012-02-02 - 00:42 over 13 years
0.2.12 MIT 3 2012-02-01 - 19:26 over 13 years
0.2.11 MIT 3 2012-02-01 - 04:16 over 13 years
0.2.10 MIT 3 2012-02-01 - 02:10 over 13 years
0.2.9 MIT 3 2012-01-31 - 14:10 over 13 years
0.2.8 MIT 3 2012-01-30 - 21:56 over 13 years
0.2.7 MIT 3 2012-01-30 - 19:51 over 13 years
0.2.6 MIT 3 2012-01-30 - 03:35 over 13 years
0.2.5 MIT 3 2012-01-29 - 22:19 over 13 years
0.2.4 MIT 3 2012-01-23 - 22:51 over 13 years
0.2.3 MIT 3 2012-01-23 - 22:01 over 13 years
0.2.2 MIT 3 2012-01-23 - 01:53 over 13 years
0.2.1 MIT 3 2012-01-23 - 01:30 over 13 years
0.2.0 MIT 3 2012-01-22 - 17:32 over 13 years
0.1.2 MIT 3 2012-01-19 - 15:25 over 13 years
0.1.1 MIT 3 2012-01-19 - 15:01 over 13 years
0.1.0 MIT 3 2012-01-12 - 13:08 over 13 years