Investigate vulnerability: Injection Vulnerability in pug-code-gen

Issue created from vulnerability 73064

Description:

Pug is an npm package which is a high-performance template engine.This advisory applies to multiple pug packages including pug, pug-code-gen.

• Severity: critical
• Confidence: unknown
• Location: package-lock.json

Solution:

Upgrade to versions 2.0.3, 3.0.2 or above.

Identifiers:

• GHSA-p493-635q-r6gr
• CVE-2021-21353
• Gemnasium-b90511d7-4baa-4aeb-b198-22349457913a

Links:

• https://nvd.nist.gov/vuln/detail/CVE-2021-21353

Scanner:

• Name: Gemnasium