CVE-2022-1537

Published: 10/05/2022 Updated: 05/04/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

file.copy operations in GruntJS are vulnerable to a TOCTOU (time-of-check to time-of-use) race condition leading to arbitrary file write in GitHub repository gruntjs/grunt before 1.5.3. The arbitrary file write can lead to local privilege escalation to the GruntJS user when a lower-privileged user has write access to both the source and destination directories: the lower-privileged user can create a symlink to the GruntJS user's .bashrc file, or replace the /etc/shadow file if the GruntJS user is root.

Vulnerable Product

gruntjs grunt

Vendor Advisories

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destinatio ...
file.copy operations in GruntJS are vulnerable to a TOC-TOU race condition leading to arbitrary file write when an attacker can create a symlink just after deletion of the dest symlink ...

Github Repositories

WP REST API enhancement to return JSON arrays containing localized strings registered with WordPress' wp_localize_script() function

RESTful Localized Scripts Contributors: shooper Donate link: shawnhooperca/ Tags: javascript, i18n, api Requires at least: 44 Tested up to: 442 Stable tag: trunk License: GPLv2 or later License URI: wwwgnuorg/licenses/gpl-20html WP REST API enhancement to return JSON arrays containing localized strings registered with WordPress' wp_localize_script()

Adds links to posts in other languages into the results of a WP REST API query for sites running the WPML plugin.

WPML REST API Contributors: shooper Donate link: shawnhooperca/ Tags: wpml, api, rest Requires at least: 52 Tested up to: 642 Requires PHP: 74 Stable tag: trunk License: GPLv2 or later License URI: wwwgnuorg/licenses/gpl-20html Get translations details with the WP REST API on sites running WordPress & WPML Description This plugin adds links to pag