A high-severity vulnerability was disclosed in the VS Code Angular Language Service extension (Angular.ng-template) that allows attackers to execute arbitrary code on developer machines, requiring only that a malicious project folder be opened. Published under GHSA-ccq4-xmxr-8hcq by maintainer alan-agius4, the flaws affect all extension versions before 21.2.4 and carry a CVSS v4.0 score indicating high impact across confidentiality, integrity, and availability. […]
The post Angular Language Service Flaws Enable Remote Code Execution appeared first on Cyber Security News.