CVE-2020-7729

Insecure Default Initialization of Resource in npm/grunt

Identifiers

CVE-2020-7729

Package Slug

npm/grunt

Vulnerability

Insecure Default Initialization of Resource

Description

The package grunt is vulnerable to Arbitrary Code Execution because grunt.file.readYAML by default uses the function load() of the package js-yaml instead of its secure replacement safeLoad().

Affected Versions

All versions before 1.3.0

Solution

Upgrade to version 1.3.0 or above.
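
An added example, not part of the advisory or of grunt's own code: a check that flags grunt versions before 1.3.0 in a parsed package-lock.json, covering both the nested v1 layout and the flat v2/v3 layout. The function names and sample lockfiles are constructed for illustration; treating 1.3.0 prereleases and unparseable versions as affected is an assumption.

```javascript
// Flag grunt versions affected by CVE-2020-7729 (all versions before 1.3.0).
const FIXED = [1, 3, 0];

// Parse "MAJOR.MINOR.PATCH[-prerelease]"; returns null for git URLs, tags, etc.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when the version sorts before 1.3.0 under semver ordering.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // assumption: unparseable versions are reported for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // assumption: 1.3.0-rc.1 and similar count as before 1.3.0
}

// Collect every affected grunt entry from a parsed package-lock.json object.
function findAffectedGrunt(lock) {
  const findings = [];
  // Lockfile v2/v3: flat "packages" map keyed by node_modules path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (name === 'grunt' && isAffected(meta.version)) findings.push({ path, version: meta.version });
  }
  if (lock.packages) return findings; // v2 repeats the tree in "dependencies"; skip it
  // Lockfile v1: nested "dependencies" trees.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === 'grunt' && isAffected(meta.version)) findings.push({ path, version: meta.version });
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return findings;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' }, 'node_modules/grunt': { version: '1.0.4' },
  'node_modules/grunt-cli': { version: '1.3.2' },
  'node_modules/tool/node_modules/grunt': { version: '1.3.0' } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  grunt: { version: '1.3.0-rc.1' },
  tool: { version: '2.0.0', dependencies: { grunt: { version: '0.4.5' } } } } };
console.log(findAffectedGrunt(sampleV3), findAffectedGrunt(sampleV1));
```

To check a real project, pass the result of JSON.parse on its package-lock.json to findAffectedGrunt.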

Last Modified

2020-09-14
