CVE-2022-0436

Name: CVE-2022-0436
Description: Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 1009676

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| grunt (PTS) | buster | 1.0.1-8+deb10u1 | vulnerable |
| grunt (PTS) | bullseye | 1.3.0-1 | vulnerable |
| grunt (PTS) | bookworm, sid | 1.5.3-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| grunt | source | experimental | 1.5.2-1 | | | |
| grunt | source | (unstable) | 1.5.2-2 | | | 1009676 |

Notes

[bullseye] - grunt <no-dsa> (Minor issue)
[buster] - grunt <no-dsa> (Minor issue)
[stretch] - grunt <no-dsa> (Minor issue)
https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665 (v1.5.0)
https://github.com/gruntjs/grunt/pull/1740
https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
