Hi,
we test our Kendo-based application with the ZAP security scanner tools. It reports one high security risk on the kendo.all.min.js file.
Description
Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.
URL
https://service.cboxcloud.com/api/kendo/kendo.all.min.js;sleep%20%7B0%7Ds;
Parameter
kendo.all.min.js
Attack
kendo.all.min.js;sleep {0}s;
Solution
If at all possible, use library calls rather than external processes to recreate the desired functionality.
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software....
Does anyone know how to reduce or eliminate this risk?