3 matches found
OS Command Injection in ng-packagr
Overview ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option. Recommendation Upgrade to version 10.1.1 or later References - CVE - GitHub Advisory...
@angular-ru/build-tools (=14.46.0), @eui/deps-base (>=10.0.0-beta.1 <=10.3.0-snapshot-1601287379391) potentially affected by CVE-2020-7735 via ng-packagr (>=10.0.0 <=10.1.0)
ng-packagr NPM version =10.0.0, =10.0.0-beta.1, =10.3.0-snapshot-1601287379391 Source cves: CVE-2020-7735 Source advisory: OSV:GHSA-QM28-7HQV-WG5J...
CVE-2020-7735
CVE-2020-7735 affects ng-packagr prior to 10.1.1, where the styleIncludePaths option enables OS command injection. Exploitation would allow an attacker to execute arbitrary commands on the host. Remediation: upgrade to ng-packagr 10.1.1 or later. This vulnerability is corroborated across NVD, npm...