Description
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The 'options' argument of the function exported by 'index.js' can be controlled by users and is not sanitized.
Remediation
References
https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126