In affected versions of
less-openui5 processing untrusted theming resources might execute arbitrary code.
When processing theming resources (i.e.
Especially in the context of UI5 Tooling, which relies on less-openui5, this poses a security threat:
This fix is available in less-openui5 version v0.10.0
Only process trusted theming resources.
Upgrade to version 0.10.0 or later
publishedAdvisory PublishedFeb 23rd, 2021
reportedReported by AnonymousFeb 23rd, 2021