CVE-2020-7729

Published September 3rd, 2020

View on NVD ↗

CVSS v3

7.1

HIGH

CVSS v2

4.6

MEDIUM

Affected

PROJECT

Description

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

gruntjs/grunt

Grunt: The JavaScript Task Runner

GitHub

12.2K