Control: tags -1 + confirmed

On Sun, 2020-09-06 at 23:50 +0200, Xavier Guimard wrote:
> grunt is vulnerable to a medium CVE (CVE-2020-7729, #969668)
>
> [ Impact ]
> The package grunt before 1.3.0 is vulnerable to Arbitrary Code
> Execution due to the default usage of the function load() instead of
> its secure replacement safeLoad() of the package js-yaml inside
> grunt.file.readYAML.

Please go ahead.

Regards,

Adam