Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt
Vulnerability Description
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.
CVSS Information
N/A
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Grunt 安全漏洞
Vulnerability Description
Grunt是一个 JavaScript 任务运行器。 Grunt 1.5.3之前版本存在安全漏洞,该漏洞源于file.copy容易受到TOCTOU的影响攻击者利用该漏洞执行任意文件写入。
CVSS Information
N/A
Vulnerability Type
N/A