An update for nodejs-grunt is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2022-1544
Status: Final
Version: 1.0
Revision history: 1.0, 2022-03-07, Initial
Initial release date: 2022-03-07
Current release date: 2022-03-07
Generator: openEuler SA Tool V1.0, 2022-03-07

Synopsis: nodejs-grunt security update

Description:

Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc., the easier your job becomes. After you've configured it, a task runner can do most of that mundane work for you with basically zero effort.

Security Fix(es):

The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. (CVE-2020-7729)

Topic:

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: High
Affected component: nodejs-grunt

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1544
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-7729
https://nvd.nist.gov/vuln/detail/CVE-2020-7729

Products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3

Packages:
nodejs-grunt-1.0.1-2.oe1.noarch.rpm
nodejs-grunt-1.0.1-2.oe1.src.rpm

Vulnerability: CVE-2020-7729
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
Release date: 2022-03-07
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Impact: High
CVSS base score: 7.1
CVSS vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Remediation: nodejs-grunt security update, 2022-03-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1544