UbuntuUpdates.org

Package "grunt"

Name: grunt

Description:

JavaScript task runner/build system/maintainer tool

Latest version: 1.0.1-8ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: http://gruntjs.com/

Links


Download "grunt"


Other versions of "grunt" in Bionic

Repository Area Version
base universe 1.0.1-8
security universe 1.0.1-8ubuntu0.1

Changelog

Version: 1.0.1-8ubuntu0.1 2020-10-20 23:06:19 UTC

  grunt (1.0.1-8ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution in js-yaml
    - debian/patches/CVE-2020-7729.patch: switch to use safeLoad
      for loading YML files via file.readYAML
    - CVE-2020-7729

 -- Emilia Torino <email address hidden> Tue, 20 Oct 2020 11:33:28 -0300

CVE-2020-7729 The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure repla



About   -   Send Feedback to @ubuntu_updates