Lucene search
GoogleOSV:GHSA-M5PJ-VJJF-4M3HHistoryMay 06, 2021 - 6:27 p.m.
Arbitrary Code Execution in grunt
2021-05-0618:27:18
Google
osv.dev
12
arbitrary code execution
grunt
package
js-yaml
vulnerable
default usage
secure replacement
safeload
file readyaml
EPSS
0.009
Percentile
82.3%
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
References
github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249
github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
lists.debian.org/debian-lts-announce/2020/09/msg00008.html
nvd.nist.gov/vuln/detail/CVE-2020-7729
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922
snyk.io/vuln/SNYK-JS-GRUNT-597546
usn.ubuntu.com/4595-1
Related
osv
osv
grunt - security update
2020-09-09 00:00:00
grunt vulnerability
2020-10-20 20:49:50
CVE-2020-7729
2020-09-03 09:15:10
debiancve
debiancve
CVE-2020-7729
2020-09-03 09:15:10
openvas
openvas
Debian: Security Advisory (DLA-2368-1)
2020-09-10 00:00:00
Ubuntu: Security Advisory (USN-4595-1)
2020-10-21 00:00:00
Ubuntu: Security Advisory (USN-5847-1)
2023-02-08 00:00:00
nessus
nessus
Debian DLA-2368-1 : grunt security update
2020-09-10 00:00:00
Ubuntu 18.04 LTS : Grunt vulnerability (USN-4595-1)
2020-10-20 00:00:00
nodejs
nodejs
Arbitrary Code Execution in grunt
2021-05-06 18:28:27
cve
cve
CVE-2020-7729
2020-09-03 09:15:10
debian
debian
[SECURITY] [DLA 2368-1] grunt security update
2020-09-09 11:38:48
prion
prion
Code injection
2020-09-03 09:15:00
nvd
nvd
CVE-2020-7729
2020-09-03 09:15:10
veracode
veracode
Arbtirary Code Execution
2020-08-26 03:48:47
ubuntucve
ubuntucve
CVE-2020-7729
2020-09-03 00:00:00
github
github
Arbitrary Code Execution in grunt
2021-05-06 18:27:18
ubuntu
ubuntu
Grunt vulnerability
2020-10-20 00:00:00
Grunt vulnerabilities
2023-02-07 00:00:00
cvelist
cvelist
CVE-2020-7729 Arbitrary Code Execution
2020-09-03 09:00:15
