Debian 10225 Published by

A grunt security update has been released for Debian GNU/Linux 9 Extended LTS to address a symlink traversal issue.



ELA-672-1 grunt security update

Package grunt
Version 1.0.1-5+deb9u2 (stretch)
Related CVEs CVE-2022-0436

Grunt is a JavaScript task runner, a tool used to automatically perform frequent tasks such as minification, compilation, unit testing, and linting. In GruntJS, file.copy operations in GruntJS are not protected against symlink traversal for both source and destination directories.

For Debian 9 stretch, these problems have been fixed in version 1.0.1-5+deb9u2.

We recommend that you upgrade your grunt packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-672-1 grunt security update