ELA-672-1 grunt security update

path traversal

Version1.0.1-5+deb9u2 (stretch)
Related CVEs CVE-2022-0436

Grunt is a JavaScript task runner, a tool used to automatically perform frequent tasks such as minification, compilation, unit testing, and linting. In GruntJS, file.copy operations in GruntJS are not protected against symlink traversal for both source and destination directories.

For Debian 9 stretch, these problems have been fixed in version 1.0.1-5+deb9u2.

We recommend that you upgrade your grunt packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.