Identifier

CVE-2020-7729

Package Slug

npm/grunt

Vulnerability

Insecure Default Initialization of Resource

Description

The package grunt is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

Affected Versions

All versions before 1.3.0

Solution

Upgrade to version 1.3.0 or above.

Last Modified

2020-09-14

source