Description

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Remediation

References

https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d

https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427

Related Vulnerabilities

CVE-2023-38690 Vulnerability in npm package matrix-appservice-irc

CVE-2023-0410 Vulnerability in npm package @builder.io/qwik

CVE-2022-23107 Vulnerability in maven package io.jenkins.plugins:warnings-ng

CVE-2020-11022 Vulnerability in maven package org.webjars.bower:jquery

CVE-2022-31018 Vulnerability in maven package com.typesafe.play:play_2.12

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory