{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T20:36:55.119","vulnerabilities":[{"cve":{"id":"CVE-2022-1537","sourceIdentifier":"security@huntr.dev","published":"2022-05-10T14:15:08.403","lastModified":"2024-11-21T06:40:55.490","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root."},{"lang":"es","value":"Las operaciones file.copy en GruntJS son vulnerables a una condición de carrera TOCTOU conllevando una escritura arbitraria de archivos en el repositorio de GitHub gruntjs/grunt versiones anteriores a 1.5.3. Esta vulnerabilidad es capaz de realizar escrituras arbitrarias en archivos que pueden conllevar a una escalada de privilegios local para el usuario de GruntJS si un usuario menos privilegiado presenta acceso de escritura a los directorios de origen y destino, ya que el usuario menos privilegiado puede crear un enlace simbólico al archivo .bashrc del usuario de GruntJS o reemplazar el archivo /etc/shadow si el usuario de GruntJS es root"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gruntjs:grunt:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.5.3","matchCriteriaId":"2DEB7266-CC60-4BB6-B049-6D47F068BD83"}]}]}],"references":[{"url":"https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae","source":"security@huntr.dev","tags":["Patch","Technical Description"]},{"url":"https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d","source":"security@huntr.dev","tags":["Exploit","Issue Tracking","Patch","Technical Description"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html","source":"security@huntr.dev"},{"url":"https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Technical Description"]},{"url":"https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Technical Description"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}