An update for nodejs-grunt is now available for openEuler-22.03-LTS

Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2022-2048
Status: Final
Version: 1.0
Revision history: 1.0, 2022-11-11, Initial
Initial release date: 2022-11-11
Current release date: 2022-11-11
Generator: openEuler SA Tool V1.0, 2022-11-11

Synopsis: nodejs-grunt security update

Summary: An update for nodejs-grunt is now available for openEuler-22.03-LTS.

Description: Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc., the easier your job becomes. After you've configured it, a task runner can do most of that mundane work for you with basically zero effort.

Security Fix(es):
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. (CVE-2020-7729)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: nodejs-grunt

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2048
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-7729
https://nvd.nist.gov/vuln/detail/CVE-2020-7729

Affected product: openEuler-22.03-LTS
Packages:
nodejs-grunt-1.0.1-5.oe2203.noarch.rpm
nodejs-grunt-1.0.1-5.oe2203.src.rpm

CVE-2020-7729
Release date: 2022-11-11
Affected product: openEuler-22.03-LTS
Severity: High
CVSS base score: 7.1
CVSS vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Remediation: nodejs-grunt security update, 2022-11-11, https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2048