Description
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.
Remediation
References
https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126
Related Vulnerabilities
CVE-2022-23458 Vulnerability in maven package org.webjars.npm:tui-grid
CVE-2021-41164 Vulnerability in npm package ckeditor4
CVE-2021-21623 Vulnerability in maven package org.jenkins-ci.plugins:matrix-auth
CVE-2020-36379 Vulnerability in npm package aaptjs
CVE-2022-24429 Vulnerability in npm package convert-svg-core