{"id":"CVE-2020-7735","details":"The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.","aliases":["GHSA-qm28-7hqv-wg5j"],"modified":"2026-04-11T23:12:31.897154Z","published":"2020-09-25T12:15:14.610Z","related":["SNYK-JS-NGPACKAGR-1012427"],"references":[{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427"},{"type":"FIX","url":"https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ng-packagr/ng-packagr","events":[{"introduced":"0"},{"fixed":"884dcaa7d97a26f35905f1e54f82a943ceb27534"},{"fixed":"bda0fff3443301f252930a73fdc8fb9502de596d"}],"database_specific":{"cpe":"cpe:2.3:a:ng-packagr_project:ng-packagr:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"10.1.1"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["next","v1.0.0","v1.0.0-alpha.0","v1.0.0-alpha.1","v1.0.0-alpha.2","v1.0.0-alpha.3","v1.0.0-alpha.7","v1.0.0-pre.0","v1.0.0-pre.1","v1.0.0-pre.10","v1.0.0-pre.11","v1.0.0-pre.12","v1.0.0-pre.13","v1.0.0-pre.14","v1.0.0-pre.15","v1.0.0-pre.16","v1.0.0-pre.17","v1.0.0-pre.2","v1.0.0-pre.3","v1.0.0-pre.4","v1.0.0-pre.5","v1.0.0-pre.6","v1.0.0-pre.7","v1.0.0-pre.8","v1.0.0-pre.9","v1.0.1","v1.1.0","v1.2.0","v1.2.1","v1.3.0","v1.4.0","v1.4.1","v1.5.0","v1.5.0-rc.0","v1.5.0-rc.1","v1.5.1","v10.0.0","v10.0.0-next.0","v10.0.0-next.1","v10.0.0-next.2","v10.0.0-rc.0","v10.0.0-rc.1","v10.0.0-rc.2","v10.0.1","v10.0.2","v10.0.3","v10.0.4","v10.1.0","v2.0.0","v2.0.0-rc.0","v2.0.0-rc.1","v2.0.0-rc.10","v2.0.0-rc.11","v2.0.0-rc.12","v2.0.0-rc.13","v2.0.0-rc.2","v2.0.0-rc.3","v2.0.0-rc.4","v2.0.0-rc.5","v2.0.0-rc.6","v2.0.0-rc.7","v2.0.0-rc.8","v2.0.0-rc.9","v2.1.0","v2.2.0","v2.3.0","v2.4.0","v2.4.1","v2.4.2","v3.0.0","v3.0.0-rc.0","v3.0.0-rc.1","v3.0.0-rc.2","v3.0.0-rc.3","v3.0.0-rc.4","v3.0.0-rc.5","v4.0.0","v4.0.0-rc.0","v4.0.0-rc.1","v4.0.0-rc.2","v4.0.0-rc.3","v4.0.0-rc.4","v4.0.1","v4.1.0","v4.1.1","v4.2.0","v4.3.0","v4.3.1","v4.4.0","v4.4.1","v4.4.2","v4.4.3","v4.4.4","v4.4.5","v4.5.0","v4.6.0","v4.7.0","v4.7.1","v5.0.0","v5.0.1","v5.1.0","v5.2.0","v5.3.0","v5.4.0","v5.4.1","v5.4.2","v5.4.3","v5.5.0","v5.5.1","v5.6.0","v5.6.1","v5.7.0","v9.0.0","v9.0.0-rc.0","v9.0.0-rc.1","v9.0.0-rc.2","v9.0.0-rc.3","v9.0.0-rc.4","v9.0.0-rc.5","v9.0.0-rc.6","v9.0.0-rc.7","v9.0.0-rc.8","v9.0.0-rc.9","v9.0.2","v9.0.3","v9.1.0","v9.1.1","v9.1.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7735.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}