CVE-2020-7729
npm/grunt
Insecure Default Initialization of Resource
The package grunt is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
All versions before 1.3.0
Upgrade to version 1.3.0 or above.
2020-09-14