CVE-2020-7729

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-7729
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7729.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-7729
Aliases
Downstream
Related
  • SNYK-JAVA-ORGWEBJARSNPM-607922
  • SNYK-JS-GRUNT-597546
Published
2020-09-03T09:15:10.360Z
Modified
2025-11-14T11:09:38.106603Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

References

Affected packages

Git / github.com/gruntjs/grunt

Affected ranges

Type
GIT
Repo
https://github.com/gruntjs/grunt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e350cea1724eb3476464561a380fb6a64e61e4e7

Affected versions

v0.*

v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5

v1.*

v1.0.0
v1.0.0-rc1
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7729.json"