Description
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.
Remediation
References
https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114
Related Vulnerabilities
CVE-2023-33546 Vulnerability in maven package org.codehaus.janino:janino-parent
CVE-2023-28155 Vulnerability in maven package org.webjars.bower:request
CVE-2022-41376 Vulnerability in npm package metro4
CVE-2021-23901 Vulnerability in maven package org.apache.nutch:nutch
CVE-2023-28709 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core