CVE-2022-1537
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/gruntfile.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
We have discovered 1 live websites that are affected by CVE-2022-1537.
Affected Software
| Product | |
| Category | JavaScript Libraries |
| Vulnerable Domains | 1 live websites (100% of grunt install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-367 Time-of-check Time-of-use (TOCTOU) Race ConditionDetails
- Published - May 10, 2022
- Updated - Aug 3, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-1537 Canada | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2022-1537| .com | 1 websites |
Websites affected by CVE-2022-1537
Top websites that are affected by CVE-2022-1537. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | Canada | ***,***,*** |
FAQ
CVE-2022-1537 is Time-of-check Time-of-use (TOCTOU) Race Condition in grunt
A total of 1 websites have been identified as vulnerable to CVE-2022-1537, based on global website indexing conducted by WebTechSurvey.
The grunt is affected by the CVE-2022-1537 vulnerability.
grunt versions up to 1.5.3 are vulnerable to CVE-2022-1537.
CVE-2022-1537 is resolved in version 1.5.3 of grunt.