CVE-2020-7729

Arbitrary Code Execution

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

El paquete grunt versiones anteriores a 1.3.0, es vulnerable a una ejecución de código arbitraria debido al uso predeterminado de la función load() en lugar de su reemplazo seguro safeLoad() del paquete js-yaml dentro de grunt.file.readYAML

It was discovered that Grunt was not properly loading YAML files before parsing them. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Grunt was not properly handling symbolic links when performing file copy operations. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.

*Credits: Snyk Security Team

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-21 CVE Reserved
2020-09-03 CVE Published
2024-09-17 CVE Updated
2024-09-17 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-1188: Initialization of a Resource with an Insecure Default

CAPEC

References (6)

URL	Tag	Source
https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249	Broken Link
https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html	Mailing List
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922	Third Party Advisory

URL	Date	SRC
https://snyk.io/vuln/SNYK-JS-GRUNT-597546	2024-09-17

URL	Date	SRC
https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7	2022-11-16

URL	Date	SRC
https://usn.ubuntu.com/4595-1	2022-11-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gruntjs Search vendor "Gruntjs"		Grunt Search vendor "Gruntjs" for product "Grunt"				< 1.3.0 Search vendor "Gruntjs" for product "Grunt" and version " < 1.3.0"		node.js		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected