Description

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Remediation

References

https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d

https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427

Related Vulnerabilities

CVE-2020-28458 Vulnerability in maven package org.webjars.bower:datatables.net

CVE-2011-4343 Vulnerability in maven package org.apache.myfaces.core:myfaces-impl

CVE-2019-16869 Vulnerability in maven package io.netty:netty-all

CVE-2022-25842 Vulnerability in maven package com.alibaba.oneagent:one-java-agent-plugin

CVE-2021-32809 Vulnerability in maven package org.webjars.npm:ckeditor4

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory