EPSS Percentile: 82.3%
grunt is vulnerable to arbitrary code execution. The library uses an insecure .load function from js-yaml by default and allows an attacker to inject and execute arbitrary code.
github.com/gruntjs/grunt/blob/master/lib/grunt/file.js#L249
github.com/gruntjs/grunt/blob/v1.2.1/lib/grunt/file.js#L249
github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
lists.debian.org/debian-lts-announce/2020/09/msg00008.html
usn.ubuntu.com/4595-1/