CVE-2020-7729: Insecure Default Initialization of Resource

September 3, 2020 (updated October 27, 2020)

The package grunt is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.`

References

nvd.nist.gov/vuln/detail/CVE-2020-7729

Detect and mitigate CVE-2020-7729 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →