The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:ng-packagr_project:ng-packagr:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "10.1.1"
}
]
}