Description
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. Arbitrary commands can be injected into the "exec" function located in "src/command.js" via the provided options.
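This class of bug arises when option values are joined into a command string that a shell then parses. The sketch below is an added example, not code from gulp-scss-lint or from the advisory: it passes options as an argument array to `execFileSync`, so no shell interprets them. The option names, `buildArgs`, `runWithoutShell` and the Node one-liner standing in for the linter are all hypothetical.

```javascript
'use strict';
const { execFileSync } = require('child_process');

// Hypothetical option names for this sketch; not taken from gulp-scss-lint.
const FLAG_FOR = { config: '--config', format: '--format' };

// Build an argv array: one array element per value, never a joined string.
function buildArgs(options, files) {
  const args = [];
  for (const [name, value] of Object.entries(options)) {
    const flag = FLAG_FOR[name];
    if (!flag) throw new Error(`unsupported option: ${name}`);
    // A value starting with "-" could be read as an extra flag by the tool.
    if (typeof value !== 'string' || value.startsWith('-')) {
      throw new Error(`invalid value for ${name}`);
    }
    args.push(flag, value);
  }
  // "--" stops a file name such as "-x.scss" from being read as a flag.
  return args.concat('--', files);
}

// Run a program without a shell. execFileSync hands args straight to the
// process, so ";", "|", "$()" and backticks have no special meaning.
function runWithoutShell(bin, prefixArgs, options, files) {
  const args = prefixArgs.concat(buildArgs(options, files));
  return execFileSync(bin, args, { encoding: 'utf8', shell: false });
}

// Constructed demo: the "linter" is a Node one-liner that echoes its argv.
function demo() {
  const echoArgv = ['-e', 'console.log(JSON.stringify(process.argv.slice(1)))', '--'];
  const options = { config: 'lint.yml; echo INJECTED' }; // constructed value with a metacharacter
  const out = runWithoutShell(process.execPath, echoArgv, options, ['a.scss']);
  return JSON.parse(out); // the whole value arrives as one literal argument
}

console.log(demo());
```
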
Remediation
References
https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114