grunt

Grunt: The JavaScript Task Runner

Version: 0.4.4
Safety score: 50
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
Security Risks of Known Vulnerabilities
CVE-2022-1537
CWE-367
Threat level: HIGH | CVSS score: 7.0

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. The arbitrary file write can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both the source and destination directories: the lower-privileged user can create a symlink to the GruntJS user's .bashrc file, or replace the /etc/shadow file if the GruntJS user is root.



CVE-2022-0436
CWE-22
Threat level: MEDIUM | CVSS score: 5.5

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.



CVE-2020-7729
CWE-1188
Threat level: HIGH | CVSS score: 7.1

The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default use of the function load() instead of its secure replacement safeLoad() from the package js-yaml inside grunt.file.readYAML.



Please note that this component is affected by other vulnerabilities

Latest safe major: 1.6.1

Scan your application codebase with Meterian to see all known vulnerabilities in your open source software dependencies.


Stability

Stay updated with the latest patches and releases. Plan your software design. Avoid common known vulnerabilities fixed by the open source community.

Latest patch release:   0.4.5

Latest minor release:   --

Latest major release:   1.6.1

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT   -   MIT License

Not a wildcard

Not proprietary

OSI Compliant