Description
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.
Remediation
References
https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427
https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d
Related Vulnerabilities
CVE-2022-21213 Vulnerability in npm package mout
CVE-2023-36472 Vulnerability in npm package @strapi/utils
CVE-2022-35980 Vulnerability in maven package org.opensearch.plugin:opensearch-security
CVE-2016-10614 Vulnerability in npm package httpsync
CVE-2021-46365 Vulnerability in maven package info.magnolia:magnolia-core