Medium severity - Race Condition vulnerability in grunt (package.json) #73

Open
github-actions bot opened this issue Apr 4, 2023 · 0 comments

github-actions bot commented Apr 4, 2023

  • Package Manager: npm
  • Vulnerable module: grunt
  • Introduced through: juice-shop@12.3.0 and grunt@1.4.1

Detailed paths

  • Introduced through: juice-shop@12.3.0 › grunt@1.4.1

Overview

grunt is a JavaScript task runner.
Affected versions of this package are vulnerable to Race Condition via the file.copy operations. Exploiting this vulnerability leads to arbitrary file writing when an attacker can create a symlink just after deletion of the destination symlink, but right before the symlink is being written.

Remediation

Upgrade grunt to version 1.5.3 or higher.
