Bug#1036976: bullseye-pu: package grunt/1.3.0-1+deb11u2
Control: tag -1 confirmed
On Wed, May 31, 2023 at 03:03:09PM +0400, Yadd wrote:
> [ Reason ]
> file.copy operations in GruntJS are vulnerable to a TOCTOU race condition
> leading to arbitrary file write in GitHub repository gruntjs/grunt prior to
> 1.5.3. This vulnerability is capable of arbitrary file writes which can lead
> to local privilege escalation to the GruntJS user if a lower-privileged user
> has write access to both source and destination directories as the
> lower-privileged user can create a symlink to the GruntJS user's .bashrc
> file or replace /etc/shadow file if the GruntJS user is root.
Please go ahead.
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
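
An added example, not part of the original thread and not grunt's actual patch: the check-then-use pattern behind a TOCTOU copy race such as the one quoted above, next to a copy that makes its checks on open file descriptors. All function and file names are hypothetical, and it assumes a POSIX system where Node.js defines `fs.constants.O_NOFOLLOW`.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const { O_RDONLY, O_WRONLY, O_CREAT, O_NOFOLLOW } = fs.constants;

// Check-then-use: dest can be swapped for a symlink between the lstat()
// check and the write, which resolves the name again and follows the link.
function checkThenCopy(src, dest) {
  if (fs.lstatSync(dest, { throwIfNoEntry: false })?.isSymbolicLink()) {
    throw new Error('refusing symlink destination');
  }
  fs.writeFileSync(dest, fs.readFileSync(src));
}

// Hardened form: the kernel rejects a symlink at open() time, and every later
// check and write uses the descriptor, so there is no second name lookup.
// O_NOFOLLOW only covers the final path component, not parent directories.
function safeCopy(src, dest) {
  let inFd, outFd;
  try {
    inFd = fs.openSync(src, O_RDONLY | O_NOFOLLOW);
    if (!fs.fstatSync(inFd).isFile()) throw new Error('source is not a regular file');
    outFd = fs.openSync(dest, O_WRONLY | O_CREAT | O_NOFOLLOW, 0o600);
    const st = fs.fstatSync(outFd);
    if (!st.isFile() || st.nlink !== 1) throw new Error('unsafe destination');
    fs.ftruncateSync(outFd, 0); // truncate only after the checks have passed
    fs.writeFileSync(outFd, fs.readFileSync(inFd));
  } finally {
    if (outFd !== undefined) fs.closeSync(outFd);
    if (inFd !== undefined) fs.closeSync(inFd);
  }
}

// Constructed scenario: out.txt is a symlink already present in a shared directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'copy-demo-'));
  const p = (name) => path.join(dir, name);
  fs.writeFileSync(p('src.txt'), 'build output\n');
  fs.writeFileSync(p('victim.txt'), 'original\n');
  fs.symlinkSync(p('victim.txt'), p('out.txt'));
  let refused = null;
  try { safeCopy(p('src.txt'), p('out.txt')); } catch (e) { refused = e.code; }
  safeCopy(p('src.txt'), p('plain.txt'));
  const result = { refused, victim: fs.readFileSync(p('victim.txt'), 'utf8'),
                   plain: fs.readFileSync(p('plain.txt'), 'utf8') };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}
```

Calling `demo()` shows the symlinked destination being refused with the link target left unchanged, while a copy to a plain path succeeds.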