CVE-2022-0436

Published: 12 April 2022

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Priority

High

CVSS 3 Severity Score

5.5

Status

Package: grunt (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| bionic | Released (1.0.1-8ubuntu0.1+esm1), available with Ubuntu Pro |
| focal | Released (1.0.4-2ubuntu0.1~esm1), available with Ubuntu Pro |
| impish | Ignored (end of life) |
| jammy | Released (1.4.1-2ubuntu0.1~esm1), available with Ubuntu Pro |
| kinetic | Not vulnerable (1.5.3-1) |
| lunar | Not vulnerable (1.5.3-2) |
| mantic | Not vulnerable (1.5.3-2) |
| trusty | Does not exist |
| upstream | Released (1.5.2) |
| xenial | Does not exist |

Patches:
upstream: https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
upstream: https://github.com/gruntjs/grunt/commit/04b960e27151869312dd7e5686a7d39baa85ed0d
upstream: https://github.com/gruntjs/grunt/commit/2e9161caa25c430fa8423cc14f5b67733c402bcd
upstream: https://github.com/gruntjs/grunt/commit/47d32de552e9d8445f2b50f2dcf764510e84d24b
upstream: https://github.com/gruntjs/grunt/commit/0652305f1b79dfdc85a9bd0f2e78ca1e9ae795f5
upstream: https://github.com/gruntjs/grunt/commit/433f91b78df99d83daa6f56a5505ead743627c30

Severity score breakdown

| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |