Description
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.
Remediation
References
https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d
https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427
Related Vulnerabilities
CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-core
CVE-2020-8910 Vulnerability in npm package google-closure-library
CVE-2023-26136 Vulnerability in npm package tough-cookie
CVE-2022-29258 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-mysql-cdc