Medium
CVE-2024-49939
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flow…
Tag: Grunt
All CVEs associated with "Grunt". Page 1/1 • 10 CVEs.
About “Grunt”
A curated feed of “Grunt”-related CVEs appears below. We currently track 10 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.2 (all time), and 70% are rated High/Critical (all time). Top CWEs (all time): CWE-311 - Missing Encryption of Sensitive Data, CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition.
In our taxonomy this topic maps to a LOW impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: grunt
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 1.6 | 1.6.2 | - | ||
| 1.5 | 1.5.3 | Expired | ||
| 1.4 | 1.4.1 | Expired | ||
| 1.3 | 1.3.0 | Expired | ||
| 1.2 | 1.2.1 | Expired | ||
| 1.1 | 1.1.0 | Expired | ||
| 1.0 | 1.0.4 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS (expired) · ICS
Subscribe CVEs: RSS for “Grunt” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-10-21
2022-10-14
Critical
CVE-2022-37602
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.
2022-07-17
Medium
CVE-2020-7641
This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
2022-05-10
High
CVE-2022-1537
file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary…
2022-04-12
Medium
CVE-2022-0436
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
2020-09-03
High
CVE-2020-7729
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside gr…
2018-06-04
High
CVE-2016-10645
grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution…
High
CVE-2016-10636
grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution…
2018-06-01
High
CVE-2016-10606
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible…
2018-05-31
High
CVE-2016-10526
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion…