Published: 03 Sep 2020
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4.6
CVSS3: 7.1
Description
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
| Release | Status | Note |
|---|---|---|
| bionic | released | 1.0.1-8ubuntu0.1 |
| devel | not-affected | 1.3.0-1 |
| esm-apps/bionic | released | 1.0.1-8ubuntu0.1 |
| esm-apps/focal | released | 1.0.4-2ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 1.3.0-1 |
| esm-apps/noble | not-affected | 1.3.0-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
| hirsute | not-affected | 1.3.0-1 |
EPSS: 0.03584 (Low)
Percentile: 87%
CVSS2: 4.6 Medium
CVSS3: 7.1 High
Related vulnerabilities
CVSS3: 7.1
nvd
more than 5 years ago
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVSS3: 7.1
debian
more than 5 years ago
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execut ...