Lucene search
AnonymousNODEJS:1684HistoryMay 06, 2021 - 6:28 p.m.
Arbitrary Code Execution in grunt
2021-05-0618:28:27
Anonymous
www.npmjs.com
60
arbitrary code execution
grunt
vulnerable
upgrade
js-yaml
EPSS
0.009
Percentile
82.3%
Overview
Versions of grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
Recommendation
Upgrade to version 1.3.0 or later
References
Related
debiancve
debiancve
CVE-2020-7729
2020-09-03 09:15:10
osv
osv
grunt - security update
2020-09-09 00:00:00
Arbitrary Code Execution in grunt
2021-05-06 18:27:18
grunt vulnerability
2020-10-20 20:49:50
openvas
openvas
Debian: Security Advisory (DLA-2368-1)
2020-09-10 00:00:00
Ubuntu: Security Advisory (USN-4595-1)
2020-10-21 00:00:00
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
nessus
nessus
Debian DLA-2368-1 : grunt security update
2020-09-10 00:00:00
Ubuntu 18.04 LTS : Grunt vulnerability (USN-4595-1)
2020-10-20 00:00:00
cve
cve
CVE-2020-7729
2020-09-03 09:15:10
debian
debian
[SECURITY] [DLA 2368-1] grunt security update
2020-09-09 11:38:48
prion
prion
Code injection
2020-09-03 09:15:00
nvd
nvd
CVE-2020-7729
2020-09-03 09:15:10
veracode
veracode
Arbtirary Code Execution
2020-08-26 03:48:47
ubuntucve
ubuntucve
CVE-2020-7729
2020-09-03 00:00:00
github
github
Arbitrary Code Execution in grunt
2021-05-06 18:27:18
ubuntu
ubuntu
Grunt vulnerability
2020-10-20 00:00:00
Grunt vulnerabilities
2023-02-07 00:00:00
cvelist
cvelist
CVE-2020-7729 Arbitrary Code Execution
2020-09-03 09:00:15
