ELA-672-1 grunt security update

path traversal

2022-09-04
Packagegrunt
Version1.0.1-5+deb9u2 (stretch)
Related CVEs CVE-2022-0436


Grunt is a JavaScript task runner, a tool used to automatically perform frequent tasks such as minification, compilation, unit testing, and linting. In GruntJS, file.copy operations in GruntJS are not protected against symlink traversal for both source and destination directories.



For Debian 9 stretch, these problems have been fixed in version 1.0.1-5+deb9u2.

We recommend that you upgrade your grunt packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support