Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-0436

Published: 12 April 2022

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
grunt Launchpad, Ubuntu, Debian	lunar	Not vulnerable (1.5.3-2)
	kinetic	Not vulnerable (1.5.3-1)
	trusty	Does not exist
	xenial	Does not exist
	bionic	Released (1.0.1-8ubuntu0.1+esm1) Available with Ubuntu Pro
	impish	Ignored (end of life)
	upstream	Released (1.5.2)
	focal	Released (1.0.4-2ubuntu0.1~esm1) Available with Ubuntu Pro
	jammy	Released (1.4.1-2ubuntu0.1~esm1) Available with Ubuntu Pro
	mantic	Not vulnerable (1.5.3-2)
	Patches: upstream: https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665 upstream: https://github.com/gruntjs/grunt/commit/04b960e27151869312dd7e5686a7d39baa85ed0d upstream: https://github.com/gruntjs/grunt/commit/2e9161caa25c430fa8423cc14f5b67733c402bcd upstream: https://github.com/gruntjs/grunt/commit/47d32de552e9d8445f2b50f2dcf764510e84d24b upstream: https://github.com/gruntjs/grunt/commit/0652305f1b79dfdc85a9bd0f2e78ca1e9ae795f5 upstream: https://github.com/gruntjs/grunt/commit/433f91b78df99d83daa6f56a5505ead743627c30

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009676

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading