CVE-2022-1537

Опубликовано: 10 мая 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.9

CVSS3: 7

Описание

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	1.5.3-2
esm-apps/bionic	released	1.0.1-8ubuntu0.1+esm1
esm-apps/focal	released	1.0.4-2ubuntu0.1~esm1
esm-apps/jammy	released	1.4.1-2ubuntu0.1~esm1
esm-apps/noble	not-affected	1.5.3-2
focal	ignored	end of standard support, was needed
impish	ignored	end of life
jammy	needed
kinetic	not-affected	1.5.3-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 48%

0.00248

Низкий

6.9 Medium

CVSS2

7 High

CVSS3

Связанные уязвимости

CVE-2022-1537

CVSS3: 7.8

redhat

больше 3 лет назад

CVE-2022-1537

CVSS3: 7

nvd

больше 3 лет назад

CVE-2022-1537

CVSS3: 7

debian

больше 3 лет назад

file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...

GHSA-rm36-94g8-835r

CVSS3: 7

github

больше 3 лет назад

Race Condition in Grunt

EPSS

Процентиль: 48%

0.00248

Низкий

6.9 Medium

CVSS2

7 High

CVSS3

CVE-2022-1537

Описание

Пакет grunt

Ссылки на источники

Связанные уязвимости