CVE-2022-0436

low-risk
Published 2022-04-12

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Do I need to act?

-
0.10% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Grunt

Affected Vendors

Gruntjs

References (6)

Patch https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
Exploit https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
https://lists.debian.org/debian-lts-announce/2023/04/msg00008.html
Patch https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
Exploit https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
https://lists.debian.org/debian-lts-announce/2023/04/msg00008.html
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal