CVE-2020-7729

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-7729
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7729.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7729
Aliases
Downstream
Related
Published
2020-09-03T09:15:10.360Z
Modified
2026-03-15T22:36:30.630136Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

References

Affected packages

Git / github.com/gruntjs/grunt

Affected ranges

Type
GIT
Repo
https://github.com/gruntjs/grunt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6f49017a394db9a7573ba402db87602e05fb9368
Fixed
e350cea1724eb3476464561a380fb6a64e61e4e7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.0"
        }
    ]
}

Affected versions

v0.*
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v1.*
v1.0.0
v1.0.0-rc1
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7729.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]