Description

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Remediation

References

https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d

https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427

Related Vulnerabilities

CVE-2020-15126 Vulnerability in npm package parse-server

CVE-2022-36897 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage

CVE-2017-7657 Vulnerability in maven package org.eclipse.jetty:jetty-client

CVE-2023-46234 Vulnerability in maven package org.webjars.npm:browserify-sign

CVE-2022-23505 Vulnerability in npm package passport-wsfed-saml2

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory