CVEs-PoC/2020/CVE-2020-7729.md at 860e02050fe0cfa14d092faefbaafd5bd449bbcb

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-24 07:34:01 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

POC

Reference

https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7

Github

https://github.com/404notf0und/CVE-Flow
https://github.com/ARPSyndicate/cvemon
https://github.com/HotDB-Community/HotDB-Engine
https://github.com/Live-Hack-CVE/CVE-2020-7729
https://github.com/cdcavell/cdcavell.name
https://github.com/cdcavell/old
https://github.com/shawnhooper/restful-localized-scripts
https://github.com/shawnhooper/wpml-rest-api
https://github.com/tmalbonph/grunt-swagger-tools

1.1 KiB Raw Blame History

CVE-2020-7729

Description

POC

Reference

Github

1.1 KiB

Raw Blame History