Description

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

Remediation

References

https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d

https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427

Related Vulnerabilities

CVE-2021-26544 Vulnerability in maven package org.apache.livy:livy-server

CVE-2020-7709 Vulnerability in maven package org.webjars.npm:json-pointer

CVE-2020-11071 Vulnerability in npm package slpjs

CVE-2021-21304 Vulnerability in npm package dynamoose

CVE-2022-22984 Vulnerability in npm package snyk-mvn-plugin

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory