Angular Ng Template
Monthly
Command injection via untrusted Markdown rendering in the Angular Language Service VS Code extension (versions prior to 21.2.4) allows attackers to execute arbitrary commands on a developer's host when the developer hovers over and clicks a crafted JSDoc tooltip. The client trusts all rendered Markdown (isTrusted: true) while the language server fails to sanitize JSDoc content, enabling embedded command: URIs to fire from malicious source files or npm dependencies. No public exploit identified at time of analysis, but the supply-chain reach via npm packages makes this a notable developer-workstation risk.
Command injection via untrusted Markdown rendering in the Angular Language Service VS Code extension (versions prior to 21.2.4) allows attackers to execute arbitrary commands on a developer's host when the developer hovers over and clicks a crafted JSDoc tooltip. The client trusts all rendered Markdown (isTrusted: true) while the language server fails to sanitize JSDoc content, enabling embedded command: URIs to fire from malicious source files or npm dependencies. No public exploit identified at time of analysis, but the supply-chain reach via npm packages makes this a notable developer-workstation risk.