Grunt 1.3.0 Security Vulnerability


fuller.daniel

May 10, 2021, 1:29:33 PM5/10/21
to omh-developers
Hi all,

Quick note that GitHub released a note that there is a vulnerability to Grunt 1.3.0 in the Simmer repo. I will update ASAP but if you have forked the repo or are using another version somewhere else please be aware.

-----------------

high severity
Vulnerable versions: < 1.3.0
Patched version: 1.3.0

The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

-----------------

Regards,

Daniel Fuller
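As an added example (not code from the post, grunt or js-yaml), the guard below scans a YAML file for the `!!js/*` tags that js-yaml's `load()` would turn into live JavaScript and rejects the file before it reaches a loader that was never switched to `safeLoad()`. It assumes only a Node runtime; the tag names, the regular expression and the sample documents are constructed for the illustration, and the real fix remains upgrading to grunt 1.3.0 as the post says.

```javascript
// Added example, not grunt's or js-yaml's own code: a pre-parse guard that flags
// the JavaScript-specific YAML tags which js-yaml's load() (default full schema)
// would instantiate, so a file is rejected before it reaches an unpatched loader.
const UNSAFE_JS_TAGS = new Set(['function', 'regexp', 'undefined']);
// Shorthand "!!js/xxx" and verbatim "!<tag:yaml.org,2002:js/xxx>" forms.
const TAG_RE = /!!js\/([A-Za-z]+)|!<tag:yaml\.org,2002:js\/([A-Za-z]+)>/g;
// Blank out quoted scalars and trailing comments so that "!!js/function" inside
// quotes or after '#' is not reported. Quotes and '#' only count at the start of
// a token; anything ambiguous is left in place so the scanner fails closed.
function stripQuotedAndComments(line) {
  let out = '', quote = null;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    const atTokenStart = i === 0 || /[\s:,\[{-]/.test(line[i - 1]);
    if (quote) {
      if (ch === '\\' && quote === '"') i++;        // skip the escaped character
      else if (ch === quote) quote = null;
      continue;
    }
    if ((ch === '"' || ch === "'") && atTokenStart) quote = ch;
    else if (ch === '#' && atTokenStart) break;
    else out += ch;
  }
  return out;
}

// One finding per unsafe tag: { line: 1-based line number, tag }.
function findUnsafeJsTags(yamlText) {
  const findings = [];
  yamlText.split(/\r?\n/).forEach((raw, idx) => {
    for (const m of stripQuotedAndComments(raw).matchAll(TAG_RE)) {
      const tag = m[1] || m[2];
      if (UNSAFE_JS_TAGS.has(tag)) findings.push({ line: idx + 1, tag: '!!js/' + tag });
    }
  });
  return findings;
}

// Throw before any parser sees the document; run ahead of safeLoad() as defence
// in depth for config pulled from a fork or another repo, as the post advises.
function assertNoJsTags(yamlText) {
  const found = findUnsafeJsTags(yamlText);
  if (found.length === 0) return yamlText;
  const where = found.map((f) => `${f.tag} at line ${f.line}`).join(', ');
  throw new Error('refusing YAML with JavaScript tags: ' + where);
}

// Constructed samples: a task config smuggling a tag into an option value, and a
// benign file where the same text appears only inside a string and a comment.
const SAMPLE_BAD = 'pkg: simmer\nconcat:\n  options:\n    banner: !!js/function "function () { return 1; }"';
const SAMPLE_OK = 'note: "!!js/function is rejected"  # !!js/regexp in a comment is fine';
```

The scanner is a heuristic over lines, so it is a complement to `safeLoad()` (or a `DEFAULT_SAFE_SCHEMA` loader), not a replacement for it.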
