Grunt prior to version 1.5.2 is vulnerable to path traversal.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-0436
- https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
- https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
- https://github.com/gruntjs/grunt/pull/1743
- https://github.com/gruntjs/grunt/commit/b0ec6e12426fc8d5720dee1702f6a67455c5986c
- https://github.com/advisories/GHSA-j383-35pm-c5h4