CVE-2020-7729 Vulnerability Details

  /     /     /  

CVE-2020-7729 Metadata Quick Info

CVE Published: 03/09/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: snyk | Vendor: n/a | Product: grunt
Status : PUBLISHED

---

CVE-2020-7729 Description

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

Metrics

CVSS Version: 3.1 | Base Score: 7.1 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/RL:O

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Arbitrary Code Execution
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).