CVE-2022-1537

Description

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

How to fix CVE-2022-1537

To remediate CVE-2022-1537, upgrade the affected package to a fixed version below.

• —upgrade to 1.3.0-1+deb11u2 or later
• —upgrade to 1.0.1-8+deb10u2 or later
• —upgrade to 1.5.3 or later

Is CVE-2022-1537 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 1.3.0-1+deb11u2
• from 0, < 1.0.1-8+deb10u2
• from 0, < 1.5.3

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-1537
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-1537
• PATCHgithub.com/gruntjs/grunt
• WEBgithub.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
• WEB