ID DEBIAN:DLA-2368-1:9BF5E Type debian Reporter Debian Modified 2020-09-09T11:39:25
Description
Debian LTS Advisory DLA-2368-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
September 09, 2020 https://wiki.debian.org/LTS
Package : grunt
Version : 1.0.1-5+deb9u1
CVE ID : CVE-2020-7729
Debian Bug : #969668
It was discovered that there was a arbitrary code execution
vulnerability in grunt, a Javascript task runner. This was possible
due to the unsafe loading of YAML documents.
For Debian 9 "Stretch", this problem has been fixed in version
1.0.1-5+deb9u1.
We recommend that you upgrade your grunt packages.
For the detailed security status of grunt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/grunt
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
{"id": "DEBIAN:DLA-2368-1:9BF5E", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 2368-1] grunt security update", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2368-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nSeptember 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : grunt\nVersion : 1.0.1-5+deb9u1\nCVE ID : CVE-2020-7729\nDebian Bug : #969668\n\nIt was discovered that there was a arbitrary code execution\nvulnerability in grunt, a Javascript task runner. This was possible\ndue to the unsafe loading of YAML documents.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n1.0.1-5+deb9u1.\n\nWe recommend that you upgrade your grunt packages.\n\nFor the detailed security status of grunt please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/grunt\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "published": "2020-09-09T11:39:25", "modified": "2020-09-09T11:39:25", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202009/msg00008.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2020-7729"], "type": "debian", "lastseen": "2020-09-14T00:58:03", "edition": 2, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-7729"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2368.NASL", "UBUNTU_USN-4595-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-4595-1"]}], "modified": "2020-09-14T00:58:03", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2020-09-14T00:58:03", "rev": 2}, "vulnersScore": 5.7}, "affectedPackage": [{"OS": "Debian", "OSVersion": "9", "arch": "all", "operator": "lt", "packageFilename": "grunt_1.0.1-5+deb9u1_all.deb", "packageName": "grunt", "packageVersion": "1.0.1-5+deb9u1"}], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T07:37:12", "description": "The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.", "edition": 9, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-03T09:15:00", "title": "CVE-2020-7729", "type": "cve", "cwe": ["CWE-1188"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7729"], "modified": "2020-10-27T00:15:00", "cpe": ["cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-7729", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7729", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2020-11-25T15:14:38", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-4595-1 advisory.\n\n - The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the\n function load() instead of its secure replacement safeLoad() of the package js-yaml inside\n grunt.file.readYAML. (CVE-2020-7729)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.1, "vector": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-20T00:00:00", "title": "Ubuntu 18.04 LTS : Grunt vulnerability (USN-4595-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-7729"], "modified": "2020-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:grunt"], "id": "UBUNTU_USN-4595-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141621", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4595-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141621);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-7729\");\n script_xref(name:\"USN\", value:\"4595-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Grunt vulnerability (USN-4595-1)\");\n script_summary(english:\"Checks the dpkg output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-4595-1 advisory.\n\n - The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the\n function load() instead of its secure replacement safeLoad() of the package js-yaml inside\n grunt.file.readYAML. (CVE-2020-7729)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4595-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grunt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7729\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grunt\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'grunt', 'pkgver': '1.0.1-8ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grunt');\n}", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-17T05:23:58", "description": "It was discovered that there was a arbitrary code execution\nvulnerability in grunt, a JavaScript task runner. This was possible\ndue to the unsafe loading of YAML documents.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n1.0.1-5+deb9u1.\n\nWe recommend that you upgrade your grunt packages.\n\nFor the detailed security status of grunt please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/grunt\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 7.1, "vector": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-09-10T00:00:00", "title": "Debian DLA-2368-1 : grunt security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-7729"], "modified": "2020-09-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:grunt", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2368.NASL", "href": "https://www.tenable.com/plugins/nessus/140468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2368-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140468);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/16\");\n\n script_cve_id(\"CVE-2020-7729\");\n\n script_name(english:\"Debian DLA-2368-1 : grunt security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was a arbitrary code execution\nvulnerability in grunt, a JavaScript task runner. This was possible\ndue to the unsafe loading of YAML documents.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n1.0.1-5+deb9u1.\n\nWe recommend that you upgrade your grunt packages.\n\nFor the detailed security status of grunt please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/grunt\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/grunt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/grunt\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected grunt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:grunt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"grunt\", reference:\"1.0.1-5+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-10-21T01:15:38", "bulletinFamily": "unix", "cvelist": ["CVE-2020-7729"], "description": "It was discovered that Grunt did not properly load yaml files. An attacker \ncould possibly use this to execute arbitrary code. (CVE-2020-7729)", "edition": 1, "modified": "2020-10-20T00:00:00", "published": "2020-10-20T00:00:00", "id": "USN-4595-1", "href": "https://ubuntu.com/security/notices/USN-4595-1", "title": "Grunt vulnerability", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}]}
