1.4.1

Last update: 05/02/2023

grunt

Grunt: The JavaScript Task Runner

Version: 1.4.1

Safety score

Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.

De-risk your app now

Security Risks of Known Vulnerabilities

CVE-2022-1537
CWE-367
Threat level: HIGH | CVSS score: 7.0

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

CVE-2022-0436
CWE-22
Threat level: MEDIUM | CVSS score: 5.5

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Please note that this component is affected by other vulnerabilities
High | Medium | Low | Suggest

Latest safe minor: 1.6.1 Scan your application codebase with Meterian to see all known vulnerabilities in your open source software dependencies.

Stability

Stay updated with the latest patches and releases. Plan your sofware desisgn. Avoid common known vulnerabilities fixed by the open source community

Latest patch release: --

Latest minor release: 1.6.1

Latest major release: --

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT - MIT License

Not a wildcard

Not proprietary

OSI Compliant