-
Notifications
You must be signed in to change notification settings - Fork 916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-0436 (High) detected in grunt-1.4.1.tgz #1450
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
high severity
High severity CVE
Mend: dependency security vulnerability
Security vulnerability detected by Mend
v1.3.2
v2.0.0
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Security vulnerability detected by Mend
label
Apr 13, 2022
tmarkley
added
high severity
High severity CVE
cve
Security vulnerabilities detected by Dependabot or Mend
labels
Apr 13, 2022
tmarkley
pushed a commit
to tmarkley/OpenSearch-Dashboards
that referenced
this issue
Apr 13, 2022
* Addresses CVE-2022-0436. * [CHANGELOG](https://github.com/gruntjs/grunt/blob/v1.5.2/CHANGELOG) Resolves opensearch-project#1450 Signed-off-by: Tommy Markley <markleyt@amazon.com>
tmarkley
pushed a commit
to tmarkley/OpenSearch-Dashboards
that referenced
this issue
Apr 16, 2022
* Addresses CVE-2022-0436. * [CHANGELOG](https://github.com/gruntjs/grunt/blob/v1.5.2/CHANGELOG) Resolves opensearch-project#1450 Signed-off-by: Tommy Markley <markleyt@amazon.com>
tmarkley
pushed a commit
that referenced
this issue
Apr 18, 2022
* Addresses CVE-2022-0436. * [CHANGELOG](https://github.com/gruntjs/grunt/blob/v1.5.2/CHANGELOG) Resolves #1450 Signed-off-by: Tommy Markley <markleyt@amazon.com>
tmarkley
pushed a commit
to tmarkley/OpenSearch-Dashboards
that referenced
this issue
Apr 28, 2022
* Addresses CVE-2022-0436. * [CHANGELOG](https://github.com/gruntjs/grunt/blob/v1.5.2/CHANGELOG) Resolves opensearch-project#1450 Signed-off-by: Tommy Markley <markleyt@amazon.com>
1 task
tmarkley
pushed a commit
that referenced
this issue
Apr 29, 2022
* Addresses CVE-2022-0436. * [CHANGELOG](https://github.com/gruntjs/grunt/blob/v1.5.2/CHANGELOG) Resolves #1450 Signed-off-by: Tommy Markley <markleyt@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this issue
Mar 29, 2023
Main bump grunt via this PR: opensearch-project#1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: opensearch-project#1579 opensearch-project#1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
8 tasks
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this issue
Mar 29, 2023
Main bump grunt via this PR: opensearch-project#1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: opensearch-project#1579 opensearch-project#1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this issue
Mar 29, 2023
Main bump grunt via this PR: opensearch-project#1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: opensearch-project#1579 opensearch-project#1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh
added a commit
to ananzh/OpenSearch-Dashboards
that referenced
this issue
Mar 30, 2023
Main bump grunt via this PR: opensearch-project#1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: opensearch-project#1579 opensearch-project#1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
joshuarrrr
added a commit
that referenced
this issue
Mar 31, 2023
) Main bump grunt via this PR: #1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: #1579 #1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com>
opensearch-trigger-bot bot
pushed a commit
that referenced
this issue
Jun 28, 2023
) Main bump grunt via this PR: #1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: #1579 #1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 65deacb) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
ashwin-pc
pushed a commit
that referenced
this issue
Jun 30, 2023
) (#4435) Main bump grunt via this PR: #1580 In 1.x, bump grunt is different because v1.5.3 requires node>=8 and no breaking changes. This is the latest version with no node conflicts. grunt requires node>=16 sincev1.6.0 . Therefore, we should be very specific and limit the bump range. Issue Resolve: #1579 #1450 Signed-off-by: Anan Zhuang <ananzh@amazon.com> Co-authored-by: Josh Romero <rmerqg@amazon.com> (cherry picked from commit 65deacb) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
high severity
High severity CVE
Mend: dependency security vulnerability
Security vulnerability detected by Mend
v1.3.2
v2.0.0
CVE-2022-0436 - High Severity Vulnerability
Vulnerable Library - grunt-1.4.1.tgz
The JavaScript Task Runner
Library home page: https://registry.npmjs.org/grunt/-/grunt-1.4.1.tgz
Dependency Hierarchy:
Found in HEAD commit: 1f013aefac1f138a222cc12ce7c617c2b3407847
Found in base branch: main
Vulnerability Details
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
Publish Date: 2022-04-12
URL: CVE-2022-0436
CVSS 3 Score Details (7.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0436
Release Date: 2022-04-12
Fix Resolution: grunt - 1.5.2
The text was updated successfully, but these errors were encountered: