EUVD-2021-1133

Malware in sbrugna...

3d-preview (>=1.0.0 <=1.0.1), 3dviewercomponent (=1.0.0) +2602 more potentially affected by CVE-2022-1537 via grunt (>=0.2.14 <=1.4.1)

grunt NPM version =0.2.14, =1.0.0, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0-alpha1, =0.1.0, =0.4.0, =0.0.9, =0.0.6, =0.12.0-edge9, =0.0.5, =0.0.2, =1.0.1 and more Source cves: CVE-2022-1537 Source advisory: OSV:GHSA-RM36-94G8-835R...

3d-preview (>=1.0.0 <=1.0.1), 3dviewercomponent (=1.0.0) +2602 more potentially affected by CVE-2022-0436 via grunt (>=0.2.14 <=1.4.1)

grunt NPM version =0.2.14, =1.0.0, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0-alpha1, =0.1.0, =0.4.0, =0.0.9, =0.0.6, =0.12.0-edge9, =0.0.5, =0.0.2, =1.0.1 and more Source cves: CVE-2022-0436 Source advisory: OSV:GHSA-J383-35PM-C5H4...

PT-2022-13183 · Grunt +3 · Grunt +3

Name of the Vulnerable Software and Affected Versions: Grunt versions prior to 1.5.2 Description: The issue is related to path traversal in the Grunt GitHub repository. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents...

3d-preview (>=1.0.0 <=1.0.1), 3dviewercomponent (=1.0.0) +2600 more potentially affected by CVE-2020-7729 via grunt (>=0.2.14 <=1.2.1)

grunt NPM version =0.2.14, =1.0.0, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0-alpha1, =0.1.0, =0.4.0, =0.0.9, =0.0.6, =0.12.0-edge9, =0.0.5, =0.0.2, =1.0.1 and more Source cves: CVE-2020-7729 Source advisory: OSV:GHSA-M5PJ-VJJF-4M3H...

USN-4595-1 grunt vulnerability

It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code. CVE-2020-7729...

Debian DLA-2368-1 : grunt security update

It was discovered that there was a arbitrary code execution vulnerability in grunt, a JavaScript task runner. This was possible due to the unsafe loading of YAML documents. For Debian 9 'Stretch', this problem has been fixed in version 1.0.1-5+deb9u1. We recommend that you upgrade your grunt...

AZL-44379 CVE-2020-7729 affecting package js-jquery 3.5.0-4

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load instead of its secure replacement safeLoad of the package js-yaml inside grunt.file.readYAML...

@benningfield-group/grunt-build-angularjs (>=0.1.0 <=0.1.2), @brandonli8/grunt-config (>=0.0.0-dev.7 <=0.0.0-dev.22) +164 more potentially affected by CVE-2020-7729 via grunt (>=1.0.0 <=1.2.1)

grunt NPM version =1.0.0, =0.1.0, =0.0.0-dev.7, =0.0.16-alpha, =1.0.0, =0.1.0-ocetnik-doc-test-storybook-2017-09-06T11-14-08-299Z, =0.0.13, =1.0.0, =1.0.0, =0.0.1, =1.0.7, =1.0.1, =1.1.12 and more Source cves: CVE-2020-7729 Source advisory: SNYK:JS-GRUNT-597546...