CVE-2021-21316
CVE-2021-21316 affects the npm package less-openui5 (pre-0.10.0) and can allow arbitrary code execution during build when processing untrusted theming resources (*.less). The vulnerability arises from inline JavaScript evaluation in a forked Less.js v1.6.3 embedded by less-openui5, which is norma...