Description
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.
Remediation
References
https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d
https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427
Related Vulnerabilities
CVE-2023-46653 Vulnerability in maven package org.jenkins-ci.plugins:lambdatest-automation
CVE-2021-27290 Vulnerability in npm package ssri
CVE-2021-41246 Vulnerability in npm package express-openid-connect
CVE-2017-1000452 Vulnerability in npm package express-saml2
CVE-2022-21191 Vulnerability in npm package global-modules-path