CVE-2022-1537

NameCVE-2022-1537
Descriptionfile.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
grunt (PTS)stretch1.0.1-5vulnerable
stretch (security)1.0.1-5+deb9u1vulnerable
buster1.0.1-8+deb10u1vulnerable
bullseye1.3.0-1vulnerable
bookworm, sid1.5.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gruntsource(unstable)1.5.3-1

Notes

https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/
https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae (v1.5.3)

Search for package or bug name: Reporting problems