OS Command Injection in ng-packagr · CVE-2020-7735 · GitHub Advisory Database · GitHub

OS Command Injection in ng-packagr

Moderate severity GitHub Reviewed Published May 7, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

ng-packagr (npm)

Affected versions

< 10.1.1

Patched versions

10.1.1

Description

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

References

Published by the National Vulnerability Database

Sep 25, 2020

Reviewed Apr 27, 2021

Published to the GitHub Advisory Database May 7, 2021

Last updated Feb 1, 2023

Severity

Moderate

6.6

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

High

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H