CVE-2020-7729 · CVEKit

cve.orgen

217 chars

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

NVDen

217 chars

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

OSV.deven

217 chars

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

GHSAen

217 chars

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

NVDes

240 chars

El paquete grunt versiones anteriores a 1.3.0, es vulnerable a una ejecución de código arbitraria debido al uso predeterminado de la función load() en lugar de su reemplazo seguro safeLoad() del paquete js-yaml dentro de grunt.file.readYAML

CVSS metrics across sources

4

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/RL:O