CVE-2022-1537

Name
CVE-2022-1537
Description
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d
MISC https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
MLIST https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gruntjs:grunt:*:*:*:*:*:node.js:*:* grunt >= None < 1.5.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status