AZL-44379

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44379.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-44379

Upstream

CVE-2020-7729

Published

2020-09-03T09:15:10Z

Modified

2026-04-01T05:15:35.771795Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2020-7729 affecting package js-jquery 3.5.0-4

Details

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-7729

Affected packages

Azure Linux:3 / js-jquery

Package

Name: js-jquery
Purl: pkg:rpm/azure-linux/js-jquery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.5.0-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44379.json"