Vulnerabilities > CVE-2020-7729 - Insecure Default Initialization of Resource vulnerability in multiple products

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

NVD

Published: 2020-09-03

Updated: 2022-11-16

Summary

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

Vulnerable Configurations

Part	Description	Count
Application	Gruntjs Gruntjs Grunt 0.4.0 Gruntjs Grunt 0.4.1 Gruntjs Grunt 0.4.2 Gruntjs Grunt 0.4.3 Gruntjs Grunt 0.4.4 Gruntjs Grunt 0.4.5 Gruntjs Grunt 1.0.0 Gruntjs Grunt 1.0.1 Gruntjs Grunt 1.0.2 Gruntjs Grunt 1.0.3 Gruntjs Grunt 1.0.4 Gruntjs Grunt 1.1.0 Gruntjs Grunt 1.2.0 Gruntjs Grunt 1.2.1	14
OS	Debian Debian Debian Linux 9.0	1
OS	Canonical Canonical Ubuntu Linux 18.04	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References