CVE-2022-0436

Published: 12 April 2022

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Priority

High

CVSS 3 Severity Score

5.5

Status

Package: grunt (Launchpad, Ubuntu, Debian)

Release     Status
lunar       Not vulnerable (1.5.3-2)
kinetic     Not vulnerable (1.5.3-1)
trusty      Does not exist
xenial      Does not exist
bionic      Released (1.0.1-8ubuntu0.1+esm1), available with Ubuntu Pro
impish      Ignored (end of life)
upstream    Released (1.5.2)
focal       Released (1.0.4-2ubuntu0.1~esm1), available with Ubuntu Pro
jammy       Released (1.4.1-2ubuntu0.1~esm1), available with Ubuntu Pro
mantic      Not vulnerable (1.5.3-2)

Patches:
upstream: https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
upstream: https://github.com/gruntjs/grunt/commit/04b960e27151869312dd7e5686a7d39baa85ed0d
upstream: https://github.com/gruntjs/grunt/commit/2e9161caa25c430fa8423cc14f5b67733c402bcd
upstream: https://github.com/gruntjs/grunt/commit/47d32de552e9d8445f2b50f2dcf764510e84d24b
upstream: https://github.com/gruntjs/grunt/commit/0652305f1b79dfdc85a9bd0f2e78ca1e9ae795f5
upstream: https://github.com/gruntjs/grunt/commit/433f91b78df99d83daa6f56a5505ead743627c30

Severity score breakdown

Parameter              Value
Base score             5.5
Attack vector          Local
Attack complexity      Low
Privileges required    Low
User interaction       None
Scope                  Unchanged
Confidentiality        High
Integrity impact       None
Availability impact    None
Vector                 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N