CVEs-PoC/2020/CVE-2020-7729.md at 308892f4eceb01ccf3a242ef565edc4e9cb862fd

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-10 07:47:42 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

POC

Reference

https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7

Github

https://github.com/404notf0und/CVE-Flow
https://github.com/ARPSyndicate/cvemon
https://github.com/HotDB-Community/HotDB-Engine
https://github.com/Live-Hack-CVE/CVE-2020-7729
https://github.com/cdcavell/cdcavell.name
https://github.com/cdcavell/old
https://github.com/shawnhooper/restful-localized-scripts
https://github.com/shawnhooper/wpml-rest-api
https://github.com/tmalbonph/grunt-swagger-tools

1.1 KiB Raw Blame History

CVE-2020-7729

Description

POC

Reference

Github

1.1 KiB

Raw Blame History