WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-7735 Vulnerability in npm package ng-packagr

Description

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Remediation

References

https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427

https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d

Related Vulnerabilities

CVE-2018-16462 Vulnerability in npm package apex-publish-static-files

CVE-2023-25826 Vulnerability in maven package net.opentsdb:opentsdb

CVE-2021-21353 Vulnerability in maven package org.webjars.npm:pug-code-gen

CVE-2020-2096 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-hook

CVE-2021-42228 Vulnerability in npm package kindeditor

Severity

High

Classification

CWE-78 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory Patch