CVE-2022-0436 (Medium) detected in grunt-1.3.0.tgz #85

mend-for-github-com · 2022-04-14T19:21:08Z

CVE-2022-0436 - Medium Severity Vulnerability

Vulnerable Library - grunt-1.3.0.tgz

The JavaScript Task Runner

Library home page: https://registry.npmjs.org/grunt/-/grunt-1.3.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt

Dependency Hierarchy:

❌ grunt-1.3.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Publish Date: 2022-04-12

URL: CVE-2022-0436

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0436

Release Date: 2022-04-12

Fix Resolution: 1.5.1

Check this box to open an automated fix PR

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 14, 2022

mend-for-github-com bot changed the title ~~CVE-2022-0436 (High) detected in grunt-1.3.0.tgz~~ CVE-2022-0436 (Medium) detected in grunt-1.3.0.tgz May 3, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-0436 (Medium) detected in grunt-1.3.0.tgz #85

CVE-2022-0436 (Medium) detected in grunt-1.3.0.tgz #85

mend-for-github-com bot commented Apr 14, 2022 •

edited

Loading

CVE-2022-0436 (Medium) detected in grunt-1.3.0.tgz #85

CVE-2022-0436 (Medium) detected in grunt-1.3.0.tgz #85

Comments

mend-for-github-com bot commented Apr 14, 2022 • edited Loading

CVE-2022-0436 - Medium Severity Vulnerability

mend-for-github-com bot commented Apr 14, 2022 •

edited

Loading