Description

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Remediation

References

https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d

https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427

Related Vulnerabilities

CVE-2022-21144 Vulnerability in npm package libxmljs

CVE-2016-7103 Vulnerability in maven package org.fujion.webjars:jquery-ui

CVE-2021-21294 Vulnerability in maven package org.http4s:http4s-blaze-server_2.12

CVE-2022-39381 Vulnerability in npm package muhammara

CVE-2017-5651 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory