Bulk vulnerability fix - Lockfile fix

[debricked]

Bulk vulnerability fix - Lockfile fix

This pull request will update your transitive dependencies within the allowed version intervals provided by your direct dependencies.

Fixed vulnerabilities:

CVE–2022–0436

• Description

  Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

  NVD

  Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

  GitHub

  Path Traversal in Grunt

  Grunt prior to version 1.5.2 is vulnerable to path traversal.

• CVSS details - 5.5

   

  CVSS3 metrics
  Attack Vector	Local
  Attack Complexity	Low
  Privileges Required	Low
  User interaction	None
  Scope	Unchanged
  Confidentiality	High
  Integrity	None
  Availability	None

• References

      NVD - CVE-2022-0436
      Path Traversal vulnerability found in grunt
      Update dependencies, tests... · gruntjs/grunt@aad3d45 · GitHub
      grunt/file.js at e86db1c22beb712ae6a504c864fa52425f0724fb · gruntjs/grunt · GitHub
      Add a security policy · Issue #1738 · gruntjs/grunt · GitHub
      GitHub - gruntjs/grunt: Grunt: The JavaScript Task Runner
      Merge pull request #1743 from gruntjs/cleanup-link · gruntjs/grunt@b0ec6e1 · GitHub
      Path Traversal in Grunt · CVE-2022-0436 · GitHub Advisory Database · GitHub
      Clean up link handling by vladikoff · Pull Request #1743 · gruntjs/grunt · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more at Debricked

 

[ghost]

CodeSee Review Map:

Review in an interactive map

View more CodeSee Maps

Legend