CVE-2020-7729

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

Weakness

The product initializes or sets a resource with a default that is intended to be changed by the product’s installer, administrator, or maintainer, but the default is not secure.

Affected Software

Name	Vendor	Start Version	End Version
Grunt	Gruntjs	*	1.3.0 (excluding)
Grunt	Ubuntu	bionic	*
Grunt	Ubuntu	esm-apps/bionic	*
Grunt	Ubuntu	esm-apps/focal	*
Grunt	Ubuntu	focal	*
Grunt	Ubuntu	groovy	*
Grunt	Ubuntu	trusty	*
Grunt	Ubuntu	upstream	*

https://cwe.mitre.org/data/definitions/665.html

References

https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249
https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922
https://snyk.io/vuln/SNYK-JS-GRUNT-597546
https://usn.ubuntu.com/4595-1/
https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249
https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922
https://snyk.io/vuln/SNYK-JS-GRUNT-597546
https://usn.ubuntu.com/4595-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-7729
CWE	https://cwe.mitre.org/data/definitions/1188.html

Initialization of a Resource with an Insecure Default

Weakness

Affected Software

Related Attack Patterns

References