Control: tag -1 confirmed On Wed, May 31, 2023 at 03:03:09PM +0400, Yadd wrote: > [ Reason ] > file.copy operations in GruntJS are vulnerable to a TOCTOU race condition > leading to arbitrary file write in GitHub repository gruntjs/grunt prior to > 1.5.3. This vulnerability is capable of arbitrary file writes which can lead > to local privilege escalation to the GruntJS user if a lower-privileged user > has write access to both source and destination directories as the > lower-privileged user can create a symlink to the GruntJS user's .bashrc > file or replace /etc/shadow file if the GruntJS user is root.
Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
