The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2020-09-03T09:00:15.371797Z
Updated: 2024-09-17T01:45:50.965Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7729
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-09-03T09:15:10.360
Modified: 2022-11-16T14:05:18.333
Link: CVE-2020-7729
Redhat
No data.