Skip to main content

Insecure Default Initialization of Resource

CVE-2020-7729

Severity High
Score 7.1/10

Summary

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

  • HIGH
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • LOW
  • HIGH
  • HIGH

CWE-1188 - Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References

Advisory Timeline

  • Published