CVE-2020-7729
Arbitrary Code ExecutionThe package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
We have discovered 1 live websites that are affected by CVE-2020-7729.
Affected Software
| Product | |
| Category | JavaScript Libraries |
| Vulnerable Domains | 1 live websites (100% of grunt install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - Sep 3, 2020
- Updated - Sep 17, 2024
Credits
- Snyk Security Team
CVE References
Website Distribution by Country
Number of websites using CVE-2020-7729 Canada | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2020-7729| .com | 1 websites |
Websites affected by CVE-2020-7729
Top websites that are affected by CVE-2020-7729. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.com | Canada | ***,***,*** |
FAQ
References
- https://snyk.io/vuln/SNYK-JS-GRUNT-597546
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922
- https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249
- https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
- https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html
- https://usn.ubuntu.com/4595-1/