Description
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.
Remediation
References
https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114
Related Vulnerabilities
CVE-2020-35490 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-28196 Vulnerability in npm package krb5
CVE-2023-46998 Vulnerability in npm package bootbox
CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.11
CVE-2023-45279 Vulnerability in maven package org.yamcs:yamcs-core