grunt@0.2.2 vulnerabilities

The JavaScript Task Runner

Direct Vulnerabilities

Known vulnerabilities in the grunt package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
Race Condition (severity: M)

grunt is a JavaScript task runner.

Affected versions of this package are vulnerable to a Race Condition in the file.copy operations. Exploiting this vulnerability leads to arbitrary file writes when an attacker can create a symlink just after the destination symlink is deleted, but right before the symlink is written.

How to fix Race Condition?

Upgrade grunt to version 1.5.3 or higher.

Vulnerable versions: <1.5.3
Directory Traversal (severity: M)

Affected versions of this package are vulnerable to Directory Traversal through the creation of a symlink to a restricted file, if a local attacker has write access to the source directory of file.copy.

How to fix Directory Traversal?

Upgrade grunt to version 1.5.0 or higher.

Vulnerable versions: <1.5.0
Arbitrary Code Execution (severity: H)

Affected versions of this package are vulnerable to Arbitrary Code Execution because grunt.file.readYAML uses the js-yaml function load() by default instead of its secure replacement safeLoad().

How to fix Arbitrary Code Execution?

Upgrade grunt to version 1.3.0 or higher.

Vulnerable versions: <1.3.0