Description
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.
Remediation
References
https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126
Related Vulnerabilities
CVE-2020-12265 Vulnerability in npm package decompress
CVE-2023-42277 Vulnerability in maven package cn.hutool:hutool-core
CVE-2021-31405 Vulnerability in maven package com.vaadin:vaadin-text-field-flow
CVE-2022-4725 Vulnerability in maven package com.amazonaws:aws-android-sdk-core
CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui